πŸ” Authentication
Overview

HMAC Authentication - For business API integrations. HMAC-based authentication is used for the external Client API. Every request to a /client endpoint must be signed with your secret key using HMAC-SHA256.

Key Features

  • API Keys - Public identifier for your business
  • Secret Keys - Used to sign requests (never exposed)
  • Timestamp Validation - Prevents replay attacks
  • Request Signing - HMAC-SHA256 signature of body + timestamp

👉 Learn about HMAC Authentication

Quick Start

For Client API Access

  1. Generate API Keys - Create API keys in your business dashboard
  2. Sign Requests - Generate HMAC signature for each request
  3. Send Headers - Include X-API-Key, X-Signature, and X-Timestamp headers
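The three steps above, sketched for both the signing client and the verifying server. This is an added example, not code from this API's documentation or SDK. Assumptions: the signing input is the raw body bytes followed by the timestamp string, the timestamp is Unix seconds, the signature is hex-encoded, and the server accepts a 300-second window; the key and secret values are constructed placeholders.

```python
import hashlib
import hmac
import time
from typing import Optional

MAX_SKEW_SECONDS = 300  # assumed tolerance window; not stated on this page


def sign_request(api_key: str, secret: bytes, body: bytes,
                 now: Optional[int] = None) -> dict:
    """Client side: build the three headers for one request."""
    timestamp = str(int(time.time()) if now is None else now)
    # Assumed signing input: raw body bytes followed by the timestamp string.
    digest = hmac.new(secret, body + timestamp.encode(), hashlib.sha256).hexdigest()
    return {"X-API-Key": api_key, "X-Signature": digest, "X-Timestamp": timestamp}


def verify_request(headers: dict, body: bytes, secrets: dict,
                   now: Optional[int] = None) -> bool:
    """Server side: reject unknown keys, stale timestamps and bad signatures."""
    now = int(time.time()) if now is None else now
    secret = secrets.get(headers.get("X-API-Key", ""))
    timestamp = headers.get("X-Timestamp", "")
    signature = headers.get("X-Signature", "")
    well_formed = timestamp.isascii() and timestamp.isdigit() and len(timestamp) <= 12
    if secret is None or not well_formed:
        return False
    # Timestamp validation: a captured request stops verifying once it ages out.
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False
    expected = hmac.new(secret, body + timestamp.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    # Constructed sample values; real secrets come from a secret manager or env var.
    store = {"pk_example": b"sk_example_secret"}
    body = b'{"amount": 100}'
    hdrs = sign_request("pk_example", store["pk_example"], body)
    print("fresh request accepted:", verify_request(hdrs, body, store))
    print("tampered body accepted:", verify_request(hdrs, b'{"amount": 999}', store))
    later = int(hdrs["X-Timestamp"]) + MAX_SKEW_SECONDS + 1
    print("replay after window accepted:", verify_request(hdrs, body, store, now=later))
```

The signature must be computed over the exact bytes sent on the wire; re-serializing the JSON body after signing changes the bytes and the request fails verification.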

Security Best Practices

  1. Never expose tokens or keys in code repositories
  2. Use HTTPS only for all API requests
  3. Handle token expiration with automatic refresh
  4. Store credentials securely (environment variables, secret managers)
  5. Rotate keys regularly for enhanced security