Authentication
The API endpoints require authentication to ensure secure access to the resources. The authentication process involves signing the requests with the API key and secret provided by GlobiancePay when you create a new store.
Base URL for the API requests will be https://merchant-api.globiancepay.com/merchant-api-service
To authenticate requests, do the following
- Retrieve the API key and secret from the GlobiancePay Merchant Dashboard.
- Calculate the signature using a cryptographic hash function, such as HMAC-SHA256. The signature is generated by hashing the serialized request data or payload with the secret key.
- Add the calculated signature to the request headers.
- Add the API key to the request headers with key 'API-KEY'.
- Proceed with sending the authenticated request.
Javascript
Here's a sample of how you can authenticate the requests in Javascript.
Follow these steps:
- Create an instance of axios and set the base URL to the API service.
- Retrieve the API key and secret from the environment variables.
- Use an interceptor to modify the request headers before sending them. The interceptor calculates the signature (SIGN) based.
- on the request data using the provided secret.
- The calculated signature and API key are added to the request headers.
- Ensure that you have the correct API key and secret from your system to authenticate the requests successfully.
The following code snippet demonstrates the authentication process:
import axios from "axios";
import crypto from "crypto";
const axiosInstance = axios.create({
baseURL: "https://merchant-api.globiancepay.com/merchant-api-service",
});
const API_KEY = process.env.API_KEY;
const SECRET = process.env.SECRET;
axiosInstance.interceptors.request.use((config) => {
const SIGN = crypto
.createHmac("sha256", SECRET)
.update(JSON.stringify(config.data))
.digest("base64");
if (!config.headers) config.headers = {};
config.headers.SIGN = SIGN;
config.headers["API-KEY"] = API_KEY;
return config;
});
PHP
Here’s a sample of how you can authenticate the requests in PHP. Follow these steps:
Install Guzzle HTTP: Make sure you have Guzzle HTTP installed in your project. You can install it using Composer.
Import Required Classes: Use the necessary classes from the Guzzle HTTP library and PSR-7 interfaces.
Define API Key and Secret: Set your API key and secret. These are needed to generate the signature (SIGN) for the requests.
Create a Handler Stack: Create a handler stack using
HandlerStack::create(). This stack will handle the middleware that modifies the request before it is sent.Add Middleware for Signing Requests: Add a middleware to the handler stack. This middleware intercepts requests, calculates the signature (SIGN) based on the request body and your secret, and then adds the signature and API key to the request headers.
Create a Guzzle Client: Instantiate a Guzzle client with the base URL set to the API service and the handler stack you created.
Make API Requests: Use the configured Guzzle client to make API requests. The client automatically handles adding the necessary authentication headers.
Ensure Correct Credentials: Double-check that you have the correct API key and secret to authenticate the requests successfully.
<?php
require __DIR__ . '/../vendor/autoload.php';
use GuzzleHttpClient;
use GuzzleHttpMiddleware;
use GuzzleHttpHandlerStack;
use PsrHttpMessageRequestInterface;
$apiKey = "Your api key";
$secret = "Your secret key";
$handlerStack = HandlerStack::create();
$handlerStack->push(Middleware::mapRequest(function (RequestInterface $request) use ($apiKey, $secret) {
$body = (string) $request->getBody();
$sign = base64_encode(hash_hmac('sha256', $body, $secret, true));
return $request->withHeader('SIGN', $sign)
->withHeader('API-KEY', $apiKey);
}));
$client = new Client([
'base_uri' => 'https://merchant-api.globiancepay.com/merchant-api-service',
'handler' => $handlerStack,
]);