LogoLogo
  • About Aquapay
    • Introduction
    • Payments Facilitation
    • Web Portal
  • Features
    • Account Management
    • Payments and Payouts
    • Crypto Conversion
    • Address Whitelisting
    • CSV Exports
  • Integration Guide
    • API Key
    • Authorization
    • Adding Webhook URLs
    • Webhooks
    • Payment Flow
    • Confirmations & Limits
    • Testnet and Faucet
  • API Endpoints
    • Payment API
    • Conversion API
    • Transaction API
  • Common Scenarios and FAQs
    • Scenario Examples
    • FAQs
Powered by GitBook
On this page
  • API Authentication
  • Code Example
  • Common Auth Errors

Was this helpful?

  1. Integration Guide

Authorization

PreviousAPI KeyNextAdding Webhook URLs

Last updated 2 years ago

Was this helpful?

API Authentication

Authentication is done using an API key and a secret key. To generate this pair, read .

As an example, we will use the "/payment/v1/requestPaymentAddress" endpoint to show how to authenticate. This can be used for all endpoints that requires authentication.

These are encoded as HTTP headers named:

  • x-nonce

  • x-api-key

  • x-signature

Code Example

require("isomorphic-fetch");
const crypto = require("crypto");

async function sendRequest() {
  const apiKey = "YOUR_API_KEY";
  const apiSecret = "YOUR_API_SECRET";

  const path = "/payment/v1/requestPaymentAddress";
  const nonce = Date.now().toString();
  const httpMethod = "POST";

  const signatureContent = JSON.stringify({
    httpMethod,
    path,
    nonce,
  });

  const sig = crypto
    .createHmac("sha384", apiSecret)
    .update(signatureContent)
    .digest("hex");

  try {
    const res = await fetch(`https://api-staging.aquanow.io${path}`, {
      method: httpMethod,
      headers: {
        "x-nonce": nonce,
        "x-api-key": apiKey,
        "x-signature": sig,
      },
      body: JSON.stringify({
        cryptoType: "BTC",
        fiat: "CAD",
        fiatReceivable: 5,
        subaccount: "YOUR_CUSTOM_PAYMENT_ID",
      }),
    });
    if (res.status !== 200) {
      throw new Error(`${(await res.json()).message} status ${res.status}`);
    }
    const result = await res.json();
    console.log("Result: ", result);
  } catch (error) {
    console.log("error", error);
  }
}

sendRequest();
<?php require_once 'vendor/autoload.php';
use GuzzleHttp\Client;
$method = 'GET';
$endpoint = '/payment/v1/payment';
$nonce = round(microtime(true) * 1000);
$apiKey = 'YOUR_API_KEY';
$apiSecret = 'YOUR_API_SECRET';
$content = [
    'httpMethod' => $method,
    'path' => $endpoint,
    'nonce' => (string) $nonce,
];
$json = json_encode($content, JSON_UNESCAPED_SLASHES);
$signature = hash_hmac('sha384', $json, $apiSecret);

$client = new Client([
    'base_uri' => 'https://api-staging.aquanow.io',
    'headers' => [
        'x-nonce' => $nonce,
        'x-api-key' => $apiKey,
        'x-signature' => $signature,
    ],
]);

try {
    $response = $client->request('GET', $endpoint, [
        'query' => [
            'startTime' => 1628654316000,
            'endTime' => 1628654346000,
        ],
    ]);

    echo $response->getBody();
} catch (RequestException $error) {
    echo $error
        ->getResponse()
        ->getBody()
        ->getContents();
} catch (\Exception $error) {
    echo $error->getResponse()->getBody();
}

Common Auth Errors

401

HTTP401 usually happens when invalid auth credentials are in the request auth headers. You will also receive 401 when nonce in calculating auth credentials are outdated.

403

HTTP403 usually happens when a request is blocked by IP whitelist or an incorrect URL/HTTP method.

API Setup