Authentication

The EllyPay API uses a key pair (API and Secret Keys) for authentication. To make an authenticated request to our API, you need to pass 3 (three) custom headers as described in this section.

Obtain the Keys

The API and Secret keys are shared in the email that's sent to you when your account is approved. These keys should sent as headers with the header names; ApiKey and SecretKey

Please ensure that your keys are stored safely and not shared with the public. In the event your keys are compromised, please contact us immediately for assistance.

Generate Request Signature

The third header is the request signature with the header name; Signature and it is generated by concatenating the API Key and the request IP (the one that's shared with us for whitelisting). The concatenation is in the format; ApiKey:IP and below is a description of how the signature is generated.

<?php
function generateSignature() {
    $apiKey = "EPYPUB-****";
    $secretKey = "EPYSEC-****";
    $requestIp = "127.0.0.1"; /*add your server IP here*/

    $stringToSign = $apiKey.":".$requestIp;
    
    return hash_hmac('sha256', $stringToSign, $secretKey, false);
}
?>

const crypto = require('crypto');
function generateSignature() {
    const apiKey = "EPYPUB-****";
    const secretKey = "EPYSEC-****";
    const requestIp = "127.0.0.1"; /*add your server IP here*/
    
    const stringToSign = `${apiKey}:${requestIp}`;
    
    return crypto.createHmac("sha256", secretKey).update(stringToSign).digest("hex");
}

Request Headers

For all the API requests, the following headers are required for the requests to succeed. These headers are obtained as described above.

PreviousError Handling NextAuthentication - V2

Last updated 3 years ago