1.3.5. Making requests to V3 API¶
Requests made to V3 API must contain appropriate Content-Type specified via corresponding HTTP header. For JSON requests, “application/json” must be specified.
UTF-8 must be used as an encoding for data.
All requests to API v3 must be signed. Signature is sent in X-Authorization HTTP request header.
Signatures are computed using HMAC_SHA1 algorithm; the request body is signed for JSON requests. Key is derived in the following way:
- Take merchantControlKey
- Remove dashes from it
- Unhex the result to binary
Transfer and transfer-form requests debug¶
For integration purposes you may use E-Commerce test cards to generate random card numbers.
String to sign |
---|
Signature |
---|