The mechanism of authorization of queries in the zondacrypto pay system

To perform a valid authentication, you need to use the API public and secret keys to generate a
signature. You can generate keys by going to the Pages tab under the Management section and
then clicking Add Store.

The generated pair of keys supports only one specific store; generate a separate pair for
each store.

The parameters must be sent in JSON format, which allows you to generate a hash.

In order to correctly execute a query for any method, the following authorization parameters
must be present in the header:

API-Key            Public API key.
API-Hash           HMAC("SHA512", public_key + current_timestamp + JSON_body_parameters, private_key)
operation-id       One time, randomly generated UUID.
Request-Timestamp  Current time in the UNIX Timestamp format. The same value must be used to generate the hash.
Content-Type       Two-part identifier of the file format, by default: application/json.

API-Hash is an HMAC-based hash generated for the body parameters using the SHA512 algorithm,
with your private key as the signing key. It contains the following data:

  • Public key
  • Current timestamp of operation
  • Body parameters in JSON format
  • Private key to sign (in some libraries it is an additional parameter)

Example authorization headers and generation in NodeJS:

API-Key: 12345f6f-1b1d-1234-a973-a10b1bdba1a1
operation-id: 78539fe0-e9b0-4e4e-8c86-70b36aa93d4f
Request-Timestamp: 1529897422
Content-Type: application/json

'use strict';
// Named export; the deep import require('uuid/v4') is not available in current uuid releases.
const { v4: uuidv4 } = require('uuid');
const crypto = require('crypto');

// Example key pair generated for one store
const apiKey = '48249e33-fbad-4805-a752-a82fe216e933';
const apiSecret = '12cd3901-1d4f-4b24-82ef-fbbc36638b7c';
const body = null;

// HMAC-SHA512 over public key + timestamp + JSON body, keyed with the private key
function getHash(apiKey, timestamp, apiSecret, body) {
  const hmac = crypto.createHmac('sha512', apiSecret);
  if (body)
    hmac.update(apiKey + timestamp + JSON.stringify(body));
  else
    hmac.update(apiKey + timestamp);
  return hmac.digest('hex');
}

// Date.now() returns milliseconds since the epoch; the same value is used
// for the hash and for the Request-Timestamp header.
const timestamp = Date.now();
const headers = {
  'API-Key': apiKey,
  'API-Hash': getHash(apiKey, timestamp, apiSecret, body),
  'operation-id': uuidv4(),
  'Request-Timestamp': timestamp,
  'Content-Type': 'application/json'
};
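
The signing rule above only holds if the JSON string that was hashed is the exact string that is sent. The following added example (not part of the original documentation) serializes the body once and recomputes the hash on the receiving side with a constant-time comparison. The function names, sample keys, body fields and the verifier are assumptions for illustration; the page does not describe the server-side check.

```javascript
const crypto = require('crypto');

// HMAC-SHA512 over public key + timestamp + body text, keyed with the private key.
function apiHash(apiKey, apiSecret, timestamp, bodyText) {
  return crypto.createHmac('sha512', apiSecret)
    .update(apiKey + timestamp + bodyText)
    .digest('hex');
}

// Serialize the body once; the returned bodyText is both hashed and sent.
function signRequest(apiKey, apiSecret, timestamp, bodyObj) {
  const bodyText = bodyObj ? JSON.stringify(bodyObj) : '';
  return {
    headers: {
      'API-Key': apiKey,
      'API-Hash': apiHash(apiKey, apiSecret, timestamp, bodyText),
      'operation-id': crypto.randomUUID(),
      'Request-Timestamp': String(timestamp),
      'Content-Type': 'application/json',
    },
    bodyText,
  };
}

// Hypothetical receiver-side check: recompute over the raw body as received
// and compare in constant time.
function verifyRequest(headers, rawBody, apiSecret) {
  const expected = Buffer.from(
    apiHash(headers['API-Key'], apiSecret, headers['Request-Timestamp'], rawBody), 'hex');
  const given = Buffer.from(String(headers['API-Hash'] || ''), 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values (not real credentials or a real API body).
const KEY = '00000000-0000-4000-8000-000000000001';
const SECRET = '00000000-0000-4000-8000-000000000002';
const signed = signRequest(KEY, SECRET, 1529897422, { amount: '10.00', currency: 'PLN' });

function demo() {
  const reordered = JSON.stringify({ currency: 'PLN', amount: '10.00' });
  const shifted = { ...signed.headers, 'Request-Timestamp': '1529897423' };
  return {
    sameBytes: verifyRequest(signed.headers, signed.bodyText, SECRET),
    reorderedKeys: verifyRequest(signed.headers, reordered, SECRET),
    changedTimestamp: verifyRequest(shifted, signed.bodyText, SECRET),
  };
}
console.log(demo());
```

Only the first check passes: re-serializing the same object with a different key order, or sending a Request-Timestamp other than the one that was hashed, yields a different API-Hash.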