Authentication

All API requests will require you to pass an Authorization bearer token and MONI-SIGNATURE in the header.
The Authorization bearer token value will be your access_token. You can get your access token value from your dashboard.
The value of MONI-SIGNATURE will be a combination of the tribe_account_ref, public_key, and merchant_private_key. This is to verify the source sending the request.
The value will be gotten after combining the above parameters using a standard HMAC-SHA256 keyed hash.
To form the MONI-SIGNATURE see sample code below.
Python
JS
C#
PHP
Java
Ruby
import hmac 
import hashlib 
import six
message = tribe_account_ref + public_key 
final_hex = hmac.new(six.b(merchant_private_key), msg=message.encode('UTF-8'), digestmod=hashlib.sha256).hexdigest()
return final_hex
const tribe_account_ref = "tribe-account-ref-value";
const public_key = "your-public-key-value";
const merchant_private_key = "your-private-key-value";
​
let hmac = crypto.createHmac("sha256", merchant_private_key);
//passing the data to be hashed
let digest_msg = tribe_account_ref + public_key;
let data = hmac.update(digest_msg);
//Creating the hmac in the required format
let moni_signature = data.digest("hex");
​
console.log("moni_signature: ", moni_signature);
using System;
using System.Security.Cryptography;
using System.Text;
​
public class HmacSha256SignatureGenerator
{
    public static string GenerateSignature(string secret, string digest)
    {
        byte[] keyBytes = Encoding.UTF8.GetBytes(secret);
        byte[] digestBytes = Encoding.UTF8.GetBytes(digest);
​
        using (var hmac = new HMACSHA256(keyBytes))
        {
            byte[] signatureBytes = hmac.ComputeHash(digestBytes);
            string signature = BitConverter.ToString(signatureBytes).Replace("-", "").ToLower();
            return signature;
        }
    }
}
​
public class Program
{
    public static void Main(string[] args)
    {
        string merchantKey = "your_merchant_key";
        string tribeAccountRef = "your_tribe_account_ref";
        string publicKey = "your_public_key";
​
        string digest = $"{tribeAccountRef}{publicKey}";
​
        string signature = HmacSha256SignatureGenerator.GenerateSignature(merchantKey, digest);
​
        Console.WriteLine($"HMAC-SHA256 Signature: {signature}");
    }
}
​
function generateSignature($secret, $digest) {
    $signature = hash_hmac('sha256', $digest, $secret);
    return $signature;
}
​
$merchantKey = 'your_merchant_key';
$tribeAccountRef = 'your_tribe_account_ref';
$publicKey = 'your_public_key';
​
$digest = $tribeAccountRef . $publicKey;
​
$signature = generateSignature($merchantKey, $digest);
​
echo "HMAC-SHA256 Signature: " . $signature;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
​
public class HmacSha256SignatureGenerator {
    public static String generateSignature(String secret, String digest) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac hmacSha256 = Mac.getInstance("HmacSHA256");
        SecretKeySpec keySpec = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        hmacSha256.init(keySpec);
        byte[] signatureBytes = hmacSha256.doFinal(digest.getBytes(StandardCharsets.UTF_8));
        StringBuilder signatureBuilder = new StringBuilder();
        for (byte b : signatureBytes) {
            String hex = String.format("%02x", b);
            signatureBuilder.append(hex);
        }
        return signatureBuilder.toString();
    }
​
    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
        String merchantKey = "your_merchant_key";
        String tribeAccountRef = "your_tribe_account_ref";
        String publicKey = "your_public_key";
​
        String digest = tribeAccountRef + publicKey;
​
        String signature = generateSignature(merchantKey, digest);
​
        System.out.println("HMAC-SHA256 Signature: " + signature);
    }
}
​
require 'openssl'
​
def generate_signature(secret, digest)
  hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, digest)
  hmac
end
​
merchant_key = 'your_merchant_key'
tribe_account_ref = 'your_tribe_account_ref'
public_key = 'your_public_key'
​
digest = tribe_account_ref + public_key
​
signature = generate_signature(merchant_key, digest)
​
puts "HMAC-SHA256 Signature: #{signature}"
​
headers = {
        'Authorization': 'Bearer xhscIjHgpm2ZiPjzKos4ivl4GhyZp5',
        'Content-Type': 'application/json',
        'moni-signature': 'wed332eeddrdbdbdbdbvdvdvdvvsbsvsd'
}
Last modified 3mo ago