Encryption
Encryption
When transferring money with our Payout API, you may choose to encrypt the payload before making the request. You'll need your encryption key (found in the Settings > API section of your dashboard) to manually encrypt the payload.
Encryption is optional and can only be used with the payout API
Here is a Node JS and a PHP example of how to encrypt a payload.
import crypto from "crypto";
const payload = {
"business": "{{businessId}}",
"sourceCurrency": "NGN",
"destinationCurrency": "NGN",
"amount": "20",
"description": "i want to sha pay money",
"paymentDestination": "bank_account",
"beneficiary": {
"firstName": "Alan",
"lastName": "Ross",
"accountHolderName": "Alan Ross",
"country": "ng",
"phone": "0803443433",
"accountNumber": "012344345",
"type": "individual",
"email": "[email protected]",
"bankCode":"058",
"bankName":"Guaranty Trust Bank"
}
};
const encryptionKey="";//get from settings page on the portal
const signature = crypto
.createHmac("SHA512", encryptionKey)
.update(JSON.stringify(payload))
.digest("hex");
//add generated signature to your headers as `signature` when initiating a payout
<?php
use \Firebase\JWT\JWT;
$payload = array(
"business" => "{{businessId}}",
"sourceCurrency" => "NGN",
"destinationCurrency" => "NGN",
"amount" => "20",
"description" => "i want to sha pay money",
"paymentDestination" => "bank_account",
"beneficiary" => array(
"firstName" => "Alan",
"lastName" => "Ross",
"accountHolderName" => "Alan Ross",
"country" => "ng",
"phone" => "0803043431",
"accountNumber" => "012344345",
"type" => "individual",
"email" => "[email protected]",
"bankCode" => "058",
"bankName" => "Guaranty Trust Bank"
)
);
$encryptionKey = ""; // get from settings page on the portal
$signature = hash_hmac('SHA512', json_encode($payload), $encryptionKey);
$encryptedData = hash_hmac('SHA512', json_encode($payload), $merchantWebhookSecretKey);
$signatureFromWebhook = $_SERVER['HTTP_SIGNATURE'];
if ($encryptedData === $signatureFromWebhook) {
echo "process";
} else {
echo "discard";
}
Please take note of the folllowing :
Payload
contains the paramters needed to process the requestencryptionKey
here refers to the encryption keysignature
holds the value of the encrypted payload that should be added to your headers
Updated over 1 year ago