HMAC Signature Generation
HMAC Signatures are a cryptographic technique used to verify both the integrity and authenticity of a message.
Giftcard Market will provide you a shared hash secret to be used in HMAC calculations and validations.
THIS SECRET MUST BE KEPT SECURE AND SHOULD NOT BE SHARED
HMAC signatures must include a timestamp to prevent replay attacks
Examples
Javascript
const crypto = require('crypto');
const axios = require('axios');
const apiKey = 'your_giftcard_market_api_key';
const hmacSecret = 'your_hmac_secret';
const endpoint = 'https://api.example.com/v1/payments';
const timestamp = Math.floor(Date.now() / 1000).toString(); // Unix timestamp in seconds
// API payload
const payload = JSON.stringify({
transaction_id: "unique_transaction_id",
store_id: "partner_store_id",
gift_cards: [
{
gift_card_id: "unique_id_generated_by_partner",
card_program: "restaurant",
redemption_method: "text",
recipient_name: "recipient_name",
recipient_email: "recipient_email",
recipient_phone_number: "recipient_phone",
sender_name: "purchaser_name",
sender_email: "purchaser_email",
custom_message: "custom_message_to_recipient",
currency: "usd",
value: 1000,
search_provider: "yelp",
business_id: "search_results_business_id",
business_name: "search_results_business_name",
photo_img_url: "search_results_image_url"
}
]
});
// Generate HMAC signature
const message = `${payload}${timestamp}`;
const hmac = crypto.createHmac('sha256', key);
const hash = hmac.update(message).digest('hex').toLowerCase();
// Make the API request
axios.post(endpoint, payload, {
headers: {
'x-api-key': apiKey,
'x-timestamp': timestamp,
'x-signature': signature,
'Content-Type': 'application/json'
}
})
C#
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
public class Program
{
private static async Task Main()
{
var apiKey = "your_giftcard_market_api_key";
var hmacSecret = "your_giftcard_market_hmac_secret";
var endpoint = "https://api.example.com/v1/payments";
var timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(); // Unix timestamp in seconds
// API payload
var payload = new
{
transaction_id: "unique_transaction_id",
store_id: "partner_store_id",
gift_cards: [
{
gift_card_id: "unique_id_generated_by_partner",
card_program: "restaurant",
redemption_method: "text",
recipient_name: "recipient_name",
recipient_email: "recipient_email",
recipient_phone_number: "recipient_phone",
sender_name: "purchaser_name",
sender_email: "purchaser_email",
custom_message: "custom_message_to_recipient",
currency: "usd",
value: 1000,
search_provider: "yelp",
business_id: "search_results_business_id",
business_name: "search_results_business_name",
photo_img_url: "search_results_image_url"
}
]
};
var jsonPayload = System.Text.Json.JsonSerializer.Serialize(payload);
// Generate HMAC signature
var key = Encoding.UTF8.GetBytes(hmacSecret)
using var hmac = new HMACSHA256(key);
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
return BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
// Set up HTTP client
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("x-api-key", apiKey);
client.DefaultRequestHeaders.Add("x-timestamp", timestamp);
client.DefaultRequestHeaders.Add("x-signature", signature);
// Send POST request
var content = new StringContent(jsonPayload, Encoding.UTF8, "application/json");
var response = await client.PostAsync(endpoint, content);
}
}