Encryption
Encryption
When transferring money with our Payout API, you may choose to encrypt the payload before making the request. You'll need your encryption key (found in the Settings > API section of your dashboard) to manually encrypt the payload.
Encryption is optional and can only be used with the payout API
Here is a Node JS and a PHP example of how to encrypt a payload.
import crypto from "crypto";
const payload = {
"business": "{{businessId}}",
"sourceCurrency": "NGN",
"destinationCurrency": "NGN",
"amount": "20",
"description": "i want to sha pay money",
"paymentDestination": "bank_account",
"beneficiary": {
"firstName": "Alan",
"lastName": "Ross",
"accountHolderName": "Alan Ross",
"country": "ng",
"phone": "0803443433",
"accountNumber": "012344345",
"type": "individual",
"email": "[email protected]",
"bankCode":"058",
"bankName":"Guaranty Trust Bank"
}
};
const encryptionKey="";//get from settings page on the portal
const signature = crypto
.createHmac("SHA512", encryptionKey)
.update(JSON.stringify(payload))
.digest("hex");
//add generated signature to your headers as `signature` when initiating a payout
<?php
use \Firebase\JWT\JWT;
$payload = array(
"business" => "{{businessId}}",
"sourceCurrency" => "NGN",
"destinationCurrency" => "NGN",
"amount" => "20",
"description" => "i want to sha pay money",
"paymentDestination" => "bank_account",
"beneficiary" => array(
"firstName" => "Alan",
"lastName" => "Ross",
"accountHolderName" => "Alan Ross",
"country" => "ng",
"phone" => "0803043431",
"accountNumber" => "012344345",
"type" => "individual",
"email" => "[email protected]",
"bankCode" => "058",
"bankName" => "Guaranty Trust Bank"
)
);
$encryptionKey = ""; // get from settings page on the portal
$signature = hash_hmac('SHA512', json_encode($payload), $encryptionKey);
$encryptedData = hash_hmac('SHA512', json_encode($payload), $merchantWebhookSecretKey);
$signatureFromWebhook = $_SERVER['HTTP_SIGNATURE'];
if ($encryptedData === $signatureFromWebhook) {
echo "process";
} else {
echo "discard";
}
Please take note of the folllowing :
Payload
contains the paramters needed to process the requestencryptionKey
here refers to the encryption keysignature
holds the value of the encrypted payload that should be added to your headers
Updated 9 months ago