Authentication Process

Secure Integration Steps for Merchant Authentication

Authentication Guide for Using Payelu APIs

This guide explains how to authenticate requests when interacting with our APIs. The authentication process ensures secure communication between your systems and our platform.


How Authentication Works

What We Provide

  • auth_point_id: Your unique identifier as a merchant (merchant ID). Example: "dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2"
  • auth_api_token: A shared API key used to generate the hash securely. Example: "9SAhxl0NMIOmMMb2l2ToPf83urWDyM32Me26sWPLSK"

What You Need to Do

  1. Generate a unique_key:
      • Create a random number with less than 10 digits.
      • Example: 1234567890
  2. Generate the hash:
      • Use the following algorithm to create a secure hash based on:
        • auth_api_token (shared API key)
        • auth_point_id (merchant ID)
        • unique_key (random number)

Algorithm for Hash Generation

Here is the algorithm in different programming languages:

Python Example

    import hmac
    import hashlib

    def generate_hash(auth_api_token: str, auth_point_id: str, unique_key: int) -> str:
        part1 = str(unique_key).encode('utf-8')
        part2 = str(auth_point_id).encode('utf-8')
        message = part1 + part2
        secret = auth_api_token.encode('utf-8')
        return hmac.new(secret, message, hashlib.sha256).hexdigest()

    # Example implementation
    auth_api_token = "9SAhxl0NMIOmMMb2l2ToPf83urWDyM32Me26sWPLSK"
    auth_point_id = "dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2"  # Your ID
    unique_key = 1234567890  # Random number
    generated_hash = generate_hash(auth_api_token, auth_point_id, unique_key)
    print("Generated Hash:", generated_hash)
 
PHP Example

    <?php
    function generateHash($authApiToken, $authPointId, $uniqueKey) {
        $message = $uniqueKey . $authPointId;
        return hash_hmac('sha256', $message, $authApiToken);
    }

    // Example implementation
    $authApiToken = "9SAhxl0NMIOmMMb2l2ToPf83urWDyM32Me26sWPLSK";
    $authPointId = "dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2"; // Your ID
    $uniqueKey = 1234567890; // Random number
    $generatedHash = generateHash($authApiToken, $authPointId, $uniqueKey);
    echo "Generated Hash: " . $generatedHash;
    ?>
 
C# Example

    using System;
    using System.Security.Cryptography;
    using System.Text;

    class Program
    {
        static string GenerateHash(string authApiToken, string authPointId, int uniqueKey)
        {
            string message = uniqueKey.ToString() + authPointId;
            byte[] keyBytes = Encoding.UTF8.GetBytes(authApiToken);
            byte[] messageBytes = Encoding.UTF8.GetBytes(message);
            using (var hmac = new HMACSHA256(keyBytes))
            {
                byte[] hashBytes = hmac.ComputeHash(messageBytes);
                return BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
            }
        }

        static void Main()
        {
            string authApiToken = "9SAhxl0NMIOmMMb2l2ToPf83urWDyM32Me26sWPLSK";
            string authPointId = "dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2"; // Your ID
            int uniqueKey = 1234567890; // Random number
            string generatedHash = GenerateHash(authApiToken, authPointId, uniqueKey);
            Console.WriteLine("Generated Hash: " + generatedHash);
        }
    }
 

Header Structure

After generating the hash, include the following fields in the header of every request:

| Field | Description | Example |
| --- | --- | --- |
| auth_point_id | Your merchant identifier | "dffc82c6-a45f-49e1-a9c5-3c58978b3b23" |
| unique_key | Random number (unique per call) | 1234567890 |
| hash | The generated hash | "20298ff4f75f6925befd35ec706e09b693f06325c81" |

Example Header:

    {
      "auth_point_id": "dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2",
      "unique_key": 1234567890,
      "hash": "fl498ff4f75f6925bede35ec706e09b693f2de25c81852dfd4b20d6af4e63se3"
    }

How to Test

You can test the authentication process using:
  1. Google Colab:
      • Copy the Python example provided above.
      • Run the script and verify the generated hash matches your backend validation.
  2. Postman:
      • Add the fields (auth_point_id, unique_key, hash) to the Headers section.
      • Send a request to our API endpoint and check the response.
 
 

API Backend Validation

When your request reaches our backend, the following steps occur:
  1. Retrieve the auth_api_token associated with your auth_point_id.
  2. Recalculate the hash using the same algorithm and inputs (auth_api_token, auth_point_id, unique_key).
  3. Compare the hashes:
      • If the hash matches the one sent in the header, the authentication succeeds.
      • If the hash does not match, the request is rejected.
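
The validation steps above, together with the unique_key generation from "What You Need to Do", as an added Python example (not Payelu's backend code). TOKENS, build_headers, verify_request and the seen set are hypothetical names, the headers are assumed to be already parsed into a dict with the documented types, and refusing a reused unique_key is an assumption drawn from the "unique per call" wording in the header table.

```python
import hashlib
import hmac
import re
import secrets

# Constructed credential store; the values are the page's documentation examples.
TOKENS = {"dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2": "9SAhxl0NMIOmMMb2l2ToPf83urWDyM32Me26sWPLSK"}
HEX_DIGEST = re.compile(r"[0-9a-f]{64}")  # SHA-256 hex digest


def generate_hash(auth_api_token: str, auth_point_id: str, unique_key: int) -> str:
    # Same construction as the page: HMAC-SHA256(token, str(unique_key) + auth_point_id)
    message = (str(unique_key) + auth_point_id).encode("utf-8")
    return hmac.new(auth_api_token.encode("utf-8"), message, hashlib.sha256).hexdigest()


def build_headers(auth_point_id: str, auth_api_token: str) -> dict:
    # unique_key from the OS CSPRNG, fewer than 10 digits (0 .. 999,999,999)
    unique_key = secrets.randbelow(10**9)
    return {"auth_point_id": auth_point_id, "unique_key": unique_key,
            "hash": generate_hash(auth_api_token, auth_point_id, unique_key)}


def verify_request(headers: dict, seen: set) -> bool:
    point_id = headers.get("auth_point_id")
    unique_key = headers.get("unique_key")
    sent = headers.get("hash")
    # All three fields must be present with the documented types
    if not isinstance(point_id, str) or not isinstance(sent, str):
        return False
    if isinstance(unique_key, bool) or not isinstance(unique_key, int) or unique_key < 0:
        return False
    if not HEX_DIGEST.fullmatch(sent):
        return False
    token = TOKENS.get(point_id)  # step 1: look up the shared key for this merchant
    if token is None:
        return False
    expected = generate_hash(token, point_id, unique_key)  # step 2: recalculate
    # Step 3: constant-time compare, so timing does not reveal how much of the hash matched
    if not hmac.compare_digest(expected, sent):
        return False
    # Assumption: a (merchant, unique_key) pair is accepted once, so a captured header cannot be reused
    if (point_id, unique_key) in seen:
        return False
    seen.add((point_id, unique_key))
    return True
```

In a deployment the seen set would be a shared store with expiry rather than process memory.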

Common Errors to Avoid

  1. Incorrect Hash Calculation:
      • Ensure the algorithm and input values match the documentation exactly.
  2. Missing Header Fields:
      • All three fields (auth_point_id, unique_key, hash) are required in every request.
  3. Improper Field Types:
      • auth_point_id: String (UUID format)
      • unique_key: Integer (less than 10 digits)
      • hash: String (SHA-256 hex digest)
 

Need Help?

If you have questions or encounter issues, feel free to reach out to our support team. We are here to help!

| Name | Description | Example |
| --- | --- | --- |
| api_url | Base URL for API requests | https://api.payelu.xyz |
| auth_point_id | Unique identifier for your merchant account in PAYELU | dfr3s2c6-a45f-13e1-a2c5-3c58654b12s2 |
| service_id | Unique identifier for the payment service (e.g., bank transfers, PIX, payouts) | BT_ARS |
| auth_api_token | Shared secret string used for API authentication | 9SAhxl0NMIOmMMb2l2ToPf83urWDyM32Me26sWPLSK |
| unique_key | A unique random number (provided by you) used to enhance security during API requests | 1234567890 |
| hash | An HMAC-SHA256 hash generated using auth_api_token, auth_point_id, and unique_key for authentication | 20298ff4f75f6925befd35ec706e09b693f06325c81852defcb20d6a0d456bf7 |