Authentication & Idempotency
Authentication
The Paysend Enterprise API uses API keys and digital signatures for authentication and request validation.
API Keys
You will receive two sets of API keys:
- A key for inbound requests (your requests to our API)
- A key for outbound requests (our notifications to your systems)
Request Signing
All API requests must include a digital signature in the X-OPP-Signature header. To generate this signature:
- Construct the source string: {RequestBody}{InboundAPIKey}
- Apply the agreed-upon hash algorithm (e.g., MD5) to this source string.
- Convert the resulting hash to a hexadecimal string.
Supported Hash Algorithms
Paysend Enterprise API supports the following hash algorithms for generating signatures:
- SHA-256
- SHA-512
Choose the algorithm that best fits your security requirements. We recommend using MD5 for a good balance of security and performance.
Idempotency
Idempotency is a crucial feature in financial APIs that ensures the same operation is not accidentally performed multiple times. This is particularly important for payment transactions to prevent duplicate charges or transfers. The Paysend Enterprise API implements idempotency using a combination of two key elements:
- Idempotency Key: A unique identifier for each API request.
- Request Timestamp: The time at which the request was initiated by the client.
When making a request to the API:
- Generate a unique idempotency key for each new request.
- Include the idempotency key in the header.request.id field of your request.
- Include the current timestamp in the header.request.date field.
Example request header:
"header": {
  "request": {
    "id": "unique-idempotency-key-123",
    "date": "2024-08-15T14:30:00Z"
  }
}
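The signing steps and the idempotency fields above, combined in one added example (not Paysend's own code): it serializes the body once, signs those exact bytes, and checks a received signature in constant time. The function names, the sample payload, UTF-8 encoding and lowercase hex output are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timezone

# Algorithms named on this page (MD5 in the signing steps, SHA-256/SHA-512 in the list).
ALGORITHMS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}


def sign(body: bytes, api_key: str, algorithm: str) -> str:
    """Hex digest of {RequestBody}{InboundAPIKey}: a plain hash, not an HMAC."""
    # Assumption: the key is UTF-8 encoded and the hex string is lowercase.
    return ALGORITHMS[algorithm](body + api_key.encode("utf-8")).hexdigest()


def build_request(payload: dict, api_key: str, algorithm: str):
    """Return (body_bytes, http_headers) for one new logical operation."""
    envelope = dict(payload)
    envelope["header"] = {"request": {
        "id": str(uuid.uuid4()),  # fresh idempotency key per new request
        "date": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }}
    # Serialize once and sign exactly these bytes; re-serializing changes the digest.
    body = json.dumps(envelope, separators=(",", ":")).encode("utf-8")
    # Assumption: a retry resends this stored body and header unchanged, so the
    # id, date and signature stay identical to the first attempt.
    return body, {"X-OPP-Signature": sign(body, api_key, algorithm)}


def signature_matches(body: bytes, api_key: str, algorithm: str, received: str) -> bool:
    """Constant-time check of a received signature against the raw body bytes."""
    expected = sign(body, api_key, algorithm).encode("ascii")
    candidate = received.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, candidate)


if __name__ == "__main__":
    # Constructed sample payload and key, for illustration only.
    body, headers = build_request({"amount": "10.00"}, "example-inbound-key", "SHA-256")
    print(body.decode("utf-8"))
    print(headers)
    print(signature_matches(body, "example-inbound-key", "SHA-256", headers["X-OPP-Signature"]))
```

Send `body` as the raw request bytes; passing the parsed object to an HTTP client that re-encodes it can produce different bytes than the ones that were signed.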