Signature
To enhance the security of our API interactions, we mandate the use of a Signature header. This additional security measure ensures that all requests are authenticated and verified, safeguarding sensitive data and preventing unauthorized access.
Prerequisites
- API_SECRET_KEY: Munify will provide this to the customer.
- CUSTOMER_ID: Munify’s Customer Identifier.
Steps
Concatenate the values of the following request body fields in sequence, omitting spaces and quotation marks
customer_idrequest_timestampcustomer_referenceamountcurrencybank_codepayout_typereceiver_identifier
Customer json
{
"request_timestamp": "2024-08-03T12:07:22.714321",
"customer_reference": "36786798",
"amount": 9600.00,
"currency": "EGP",
"bank_code": "MIDG",
"payout_type": "WALLET",
"receiver_identifier": "01XXXXXXXXX",
...
}Output result
message="3897102024-08-03T12:07:22.714321367867989600.00EGPMIDGWALLET01XXXXXXXXX"- Sign the concatenated string with the
API_SECRET_KEY- Method:
HMAC - Hash Function:
SHA-256
- Method:
Since the API_SECRET_KEY is hex-encoded, you must convert it to its binary
form before using it in the HMAC algorithm.
secret_key = bytes.fromhex('695c659755a58171daa2e694db3deb6b689799cf0cb100809287122ef88695c9')
hmac_signature = hmac.new(secret_key_bytes, message_bytes, hashlib.sha256)
signature= hmac_signature.digest()- Convert the signature to a hexadecimal string.
signature_hex_str = signature.hex()Complete example of signature generation (in Python)
# Step 1: Import the required libraries
import hmac
import hashlib
import base64
# Step 2: Define your inputs
message = "3897102024-08-03T12:07:22.714321367867989600.00EGPMIDGWALLET01XXXXXXXXX"
secret_key = "695c659755a58171daa2e694db3deb6b689799cf0cb100809287122ef88695c9"
# Ensure the secret_key is bytes
secret_key_bytes = bytes.fromhex(secret_key)
# Ensure the message is bytes
message_bytes = message.encode()
# Step 3: Create HMAC signature
hmac_signature = hmac.new(secret_key_bytes, message_bytes, hashlib.sha256)
# Step 4: Generate signature
signature = hmac_signature.digest()
# Convert the signature to hexadecimal string
signature_hex_str = signature.hex()
print("Hex Signature:", signature_hex_str)
""" Output
Hex Signature: abbe80001fcd9a8b2326cbab4611560b34f90b370b0e3e318f95a2955daad302
"""
Useful links:
- What is HMAC (Hash based Message Authentication Code)?
- Online HMAC Signature Generator
Utilize this Online HMAC Signature Generator to verify your generated signature against the expected outcome.
To replicate the example provided above, please use the following inputs- Concatenated String, TEXT
- API Secret Key, HEX
- SHA-256, HEX