Authorization
All requests to Merchant API must include the following headers X-Client-Id and X-Signature.
X-Client-Id
The X-Client-Id header must include a Token, which you can find in a "Profile" section of the app (app.transavex.com).
X-Client-Id: <token>
X-Signature
The X-Signature header must contain a Base64-encoded string that is signed with the merchant's secret key using the SHA256 algorithm.
The string to sign must be formed by concatenating the following elements in the following order:
- HTTP request method (for example, GET, POST).
- The request's URL (for example,
/api/v1/country/available). - The request body - if present, for
application/jsondata type.
Example of the string that should be signed:
POST/api/v1/payin/create{"amount":1000,"country": "RU","paymentMethod": "Card",...}
GET requests
For GET requests, the signature string is created by concatenating only the request method and the request URL.
An example for GET request:
GET/api/v1/country/available
Signature generation
The previously composed string should be signed with the secret key, using the SHA256 algorithm, the result must be encoded in Base64 and sent as a X-Signature header.
X-Signature: <Signature>
Code examples
Postman pre-request script example which correctly signs and puts X-Signature in each request.
const method = pm.request.method;
let fullUrl = pm.request.url;
let path = fullUrl.getPath();
let query = fullUrl.getQueryString();
if (query && query.length > 0) {
path += '?' + query;
}
const body = pm.request.body && pm.request.body.raw ? pm.request.body.raw.trim() : '';
const secret = '<your-secret-key>';
const messageToSign = method + path + body;
const hash = CryptoJS.HmacSHA256(messageToSign, secret);
const signature = CryptoJS.enc.Base64.stringify(hash);
pm.request.headers.upsert({
key: 'X-Signature',
value: signature
});