Widget Signature

For the sake of security, Premium Partners have to sign for the widget URL using a hash-based message authentication code (HMAC) with SHA-256.

Signature for query parameters

You will get your own SecretKey during [Onboarding].

NEVER store the SecretKey in the frontend. Your account might be blocked once the credential leakage is detected. FaTPay reserves the right to take any other actions and pursue any other legal rights available to us.

Procedure

Retrieve parameters
- Firstly, retrieve all the query parameters required to sign(check [Common parameters], [On-ramp Widget Customization] and [Interface Customization]). Build a map with all key-value pairs;
- Then remove all the items with null keys or null values;
Sort parameters
- Sort all parameter keys in ascending order(as per ASCII values of the characters);
Prepare to-be-signed-payload
- Convert the sorted map to a string to-be-signed-payload in the form of key=value and concatenate them with & character as the separator;
Compute signature
- Next use SecretKey to generate signature for the string to-be-signed-payload from last step with a hash-based message authentication code (HMAC) with SHA-256. And don't forget urlencoding it. Please refer to [Widget Signature Demo];
Assign signature
- Finally, assign the signature to signature in the query parameters and append it to the widget URL;

Example

OK. For instance, a Premium Partner would like to set a default wallet address, while lock the wallet address and set the wallet address invisible to the user.

Query parameters

{
  "walletAddress": "0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888",
  "walletAddressHidden": "1",
  "walletAddressLocked": "1",
  "ext": "ext"
}

Common parameters

{
  "nonce": 748219,
  "partnerId": "mqMBpCIP630LJxLY",
  "timestamp": 1656600459
}

Retrieve parameters

Firstly, retrieve all the query parameters required to sign.

ext=ext&nonce=54335363&partnerId=mqMBpCIP630LJxJK&partnerUrl=https://yoururl.com&timestamp=1657854065&walletAddress=xxxx&walletAddressHidden=1&walletAddressLocked=1

Then Build a map with all key-value pairs. And remove all the items with null keys or null values;.

{
  "partnerId": "mqMBpCIP630LJxLY",
  "timestamp": 1656600459,
  "nonce": 748219,
  "walletAddress": "0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888",
  "walletAddressHidden": "1",
  "walletAddressLocked": "1",
  "ext": "ext"
}

Sort parameters

Sort all parameter keys in ascending order(as per ASCII values of the characters).

{
  "ext": "ext",
  "nonce": 748219,
  "partnerId": "mqMBpCIP630LJxLY",
  "timestamp": 1656600459,
  "walletAddress": "0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888",
  "walletAddressHidden": 1,
  "walletAddressLocked": 1
}

Prepare to-be-signed-payload

Convert the sorted map to a string to-be-signed-payload in the form of key=value and concatenate them with & character as the separator.

ext=ext&nonce=54335363&partnerId=mqMBpCIP630LJxJK&timestamp=1657854065&walletAddress=0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888&walletAddressHidden=1&walletAddressLocked=1

Compute signature

Next use SecretKey to generate signature for the string to-be-signed-payload from last step with a hash-based message authentication code (HMAC) with SHA-256.

4UoZ2gIm3bcLTw5K6WdBJIaYBiXgQF3uvOfY4Ovc6+4=

Urlencode the signature:

4UoZ2gIm3bcLTw5K6WdBJIaYBiXgQF3uvOfY4Ovc6%2B4%3D

Assign signature

Finally, assign the signature to signature in the query parameters and append it to the widget URL.

https://ramp.fatpay.xyz/home?ext=ext&nonce=748219&partnerId=mqMBpCIP630LJxLY&timestamp=1656600459&walletAddress=0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888&walletAddressHidden=1&walletAddressLocked=1&signature=4UoZ2gIm3bcLTw5K6WdBJIaYBiXgQF3uvOfY4Ovc6%2B4%3D

PreviousWidget Themes Gallery NextAPI Reference

Last updated 3 years ago