API Authentication

Authentication is based on two headers:

X-Munzen-Key: your_api_key
X-Munzen-Signature: request_signature

X-Munzen-Key is your API key (public key) which you can get in your account dashboard.
X-Munzen-Signature — is a signature generated from the request body and signed by your secret API key HMAC-SHA256.

Keep in mind that it is mandatory to add a timestamp with every request. You can see a few examples below.

Code Examples

Here are a few examples with signature generation code:

// This is your API secret key
$apiSecret = 'PUT_YOUR_API_SECRET_HERE';

// How we will send our request
$requestMethod = 'POST';

// Request params
// timestamp — request UTC time in Unix Timestamp; 
$paramsArray = ['key1' => 'value1', 'key2' => 'value2', 'timestamp' => 1677237754];

// Sort recursive by keys
ksortRecursive($paramsArray);

// Concat request string recursive
$requestBody = implodeRecursive($paramsArray);

// Generate the string to sign
$stringToSign = $requestMethod . $requestBody;

// Recieve the hash
$signature = hash_hmac('sha256', $stringToSign, $apiSecret);


// Helper functions
function ksortRecursive(mixed &$array): void
{
    if (!is_array($array)) {
        return;
    }
    
    ksort($array);
    
    foreach ($array as $k => $v) {
        ksortRecursive($array[$k]);
    }
}

function implodeRecursive(mixed $array): string
{
    $output = '';
    foreach ($array as $item) {
        if (is_array($item)) {
            $output .= implodeRecursive($item);
        } else {
            $output .= $item;
        }
    }
    return $output;
}

// Do not forget to import CryptoJS library for HMAC-SHA256 hashing

// This is your API secret key
const apiSecret = 'PUT_YOUR_API_SECRET_HERE';

// How we will send our request
const requestMethod = 'POST';

// Request params
// timestamp — request UTC time in Unix Timestamp; 
const paramsObject = { key1: 'value1', key2: 'value2', timestamp: 1677237754 };

// Sort recursive by keys
function ksortRecursive(obj) {
  if (typeof obj !== 'object') {
    return;
  }
  
  const sortedKeys = Object.keys(obj).sort();
  const sortedObject = {};
  
  sortedKeys.forEach((key) => {
    sortedObject[key] = obj[key];
    ksortRecursive(sortedObject[key]);
  });
  
  Object.keys(obj).forEach((key) => {
    delete obj[key];
  });
  
  Object.assign(obj, sortedObject);
}

ksortRecursive(paramsObject);

// Concat request string recursive
function implodeRecursive(obj) {
  let output = '';
  
  for (const key in obj) {
    const item = obj[key];
    
    if (typeof item === 'object') {
      output += implodeRecursive(item);
    } else {
      output += item;
    }
  }
  
  return output;
}

const requestBody = implodeRecursive(paramsObject);

// Generate the string to sign
const stringToSign = requestMethod + requestBody;

// Receive the hash
const signature = CryptoJS.HmacSHA256(stringToSign, apiSecret).toString();

import hashlib
import hmac

# This is your API secret key
api_secret = 'PUT_YOUR_API_SECRET_HERE'

# How we will send our request
request_method = 'POST'

# Request params
# timestamp — request UTC time in Unix Timestamp;
params_dict = {'key1': 'value1', 'key2': 'value2', 'timestamp': 1677237754}

# Sort recursive by keys
def ksort_recursive(dictionary):
    return {k: ksort_recursive(v) if isinstance(v, dict) else v for k, v in sorted(dictionary.items())}

params_dict = ksort_recursive(params_dict)

# Concatenate request string recursively
def implode_recursive(dictionary):
    return ''.join(implode_recursive(v) if isinstance(v, dict) else str(v) for v in dictionary.values())

request_body = implode_recursive(params_dict)

# Generate the string to sign
string_to_sign = request_method + request_body

# Calculate the HMAC-SHA256 signature
signature = hmac.new(api_secret.encode(), string_to_sign.encode(), hashlib.sha256).hexdigest()

# Print the signature
print(signature)

PreviousAPI Requests NextEnvironments

Last updated 2 years ago