Authentication & Idempotency

Authentication

The Paysend Enterprise API uses API keys and digital signatures for authentication and request validation.

API Keys

You will receive two sets of API keys:

  • A key for inbound requests (your requests to our API)
  • A key for outbound requests (our notifications to your systems)

Request Signing

All API requests must include a digital signature in the X-OPP-Signature header. To generate this signature:

  1. Construct the source string: {RequestBody}{InboundAPIKey}
  2. Apply the agreed-upon hash algorithm (e.g., MD5) to this source string.
  3. Convert the resulting hash to a hexadecimal string.

Supported Hash Algorithms

Paysend Enterprise API supports the following hash algorithms for generating signatures:

  • SHA-256
  • SHA-512

Choose the algorithm that best fits your security requirements. We recommend using MD5 for a good balance of security and performance.

Idempotency

Idempotency is a crucial feature in financial APIs that ensures the same operation is not accidentally performed multiple times. This is particularly important for payment transactions to prevent duplicate charges or transfers. The Paysend Enterprise API implements idempotency using a combination of two key elements:

  • Idempotency Key: A unique identifier for each API request.
  • Request Timestamp: The time at which the request was initiated by the client.

When making a request to the API:

  1. Generate a unique idempotency key for each new request.
  2. Include the idempotency key in the header.request.id field of your request.
  3. Include the current timestamp in the header.request.date field.

Example request header:

"header": {
  "request": {
    "id": "unique-idempotency-key-123",
    "date": "2024-08-15T14:30:00Z"
  }
}
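
The signing steps and the idempotency header described above, combined in one client-side sketch. This is an added example, not Paysend's own code. It assumes UTF-8 encoding, lowercase hex output, business fields placed beside "header" in the body, and that notifications are signed the same way with the outbound key; the function names and sample key are hypothetical.

```python
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timezone

# Only the algorithms the page lists under "Supported Hash Algorithms".
SUPPORTED = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}

def sign(body: bytes, api_key: str, algorithm: str = "sha256") -> str:
    """Hex digest of {RequestBody}{APIKey}, following the three signing steps."""
    if algorithm not in SUPPORTED:
        raise ValueError(f"unsupported hash algorithm: {algorithm}")
    # Assumption: the key is appended as UTF-8 and the hex string is lowercase.
    return SUPPORTED[algorithm](body + api_key.encode("utf-8")).hexdigest()

def build_request(payload, inbound_key, algorithm="sha256", request_id=None, now=None):
    """Return (body_bytes, headers); body_bytes must be sent unchanged."""
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    envelope = {
        **payload,  # assumption: business fields sit beside "header"
        "header": {"request": {
            "id": request_id or str(uuid.uuid4()),  # unique per new request
            "date": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        }},
    }
    # Serialize once: the signature covers these exact bytes, so letting an
    # HTTP client re-serialize the JSON would invalidate it.
    body = json.dumps(envelope, separators=(",", ":")).encode("utf-8")
    return body, {"X-OPP-Signature": sign(body, inbound_key, algorithm)}

def verify_notification(raw_body: bytes, received_sig: str,
                        outbound_key: str, algorithm: str = "sha256") -> bool:
    """Check a notification signature over the raw bytes as received."""
    expected = sign(raw_body, outbound_key, algorithm).encode("ascii")
    # Constant-time comparison avoids leaking how many hex digits matched.
    return hmac.compare_digest(expected, received_sig.strip().lower().encode("utf-8"))

if __name__ == "__main__":
    KEY = "constructed-inbound-key"  # constructed sample value, not a real key
    body, headers = build_request({"amount": "10.00"}, KEY)
    print(body.decode(), headers)
```

The example accepts only SHA-256 and SHA-512 because MD5 is absent from the supported list and is no longer collision resistant.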