Authentication
Headers
To authenticate your requests to the Payment Gateway API, you need to include the following headers:
| Header Parameter | Description |
|---|---|
| On-Key | Your unique API key. This key identifies your application and authorizes access to the API. |
| On-Token | Your secret token. This token serves as a secret key to generate the signature. |
| On-Signature | The signature generated using the HMAC-SHA512 algorithm. It ensures the integrity and authenticity of the request. |
Please ensure that you include these headers in every API request to properly authenticate your application.
Signature Generation
To generate the signature, you can use the following code snippet in your preferred programming language:
- PHP
codesignature = hash_hmac('sha512', key + json_encode(body), token)
In this code, replace the following variables with the appropriate values:
key: Your API key.body: The JSON-encoded request body.token: Your secret token
Signature Generation Example
In this guide, we will demonstrate how to generate a signature for the "Fund Acceptance Virtual Account" parameters. This signature will be used to authenticate a request on our end. Generating this signature is essential for ensuring the security and integrity of your API requests.
| Project Key | Project Token |
|---|---|
| SC-KRW9ESNZUUKQXOOX | jlaVHot4XGnCqYU8FI20GHwkv6RMOT2t |
You'll need to encode and format your code to be looks like this before hashing
SC-KRW9ESNZUUKQXOOX{"reference":"12345678","bankCode":"014","viewName":"Guntur Brahmaputra","type":"ClosedAmount","amount":10000,"additionalInfo":{"callback":"https:\/\/google.com"}}
use the Project Token to hashing the string above. if you obtain the same result, then you've successfully generated the signature, and it can be used to make a request on our end without any problem.
631ac84aad1b18d1b9004d0bc944cb643892fbd0fd5f60407e0f166b8d86b10420af0f5d80b65805153eb12ffd24333c09bfe37108ea38192d24d3f7aac64131
Environment
We currently offer two environments that you can utilize for your application:
Sandbox - https://api.sandbox.cronosengine.com/api
Production - https://api.cronosengine.com/api
Please note that the above information is subject to change, and we recommend referring to the latest documentation for accurate details.