FaTPay Docs
🇺🇸 English
🇺🇸 English
  • Overview
  • Get Started
    • Onboarding
    • Quickstarts
  • Best Practices
    • Exchanges
    • Crypto Projects
    • Wallets
    • Affiliate Partners
    • NFT
  • Reference
    • Integration Tutorial
      • On-ramp Widget Customization
      • NFT Checkout Widget Customization
      • Interface Customization
      • Widget Themes Gallery
      • Widget Signature
    • API Reference
      • APIs
        • List all cryptocurrencies
        • List all fiat currencies and payment methods
        • Retrieve quoted price
        • List all orders
      • Webhooks
        • Webhook for order events
      • API Signature & Webhook Validation
  • Appendix
    • Demo
      • Widget Signature Demo
      • API Signature Demo
      • Webhook Validation Demo
    • Languages
    • Fiat Currencies
    • Cryptocurrencies (on-ramp)
    • Cryptocurrencies (NFT Checkout)
    • Errors
Powered by GitBook
On this page
  • Signature for query parameters
  • Procedure
  • Example
  1. Reference
  2. Integration Tutorial

Widget Signature

PreviousWidget Themes GalleryNextAPI Reference

Last updated 2 years ago

For the sake of security, Premium Partners have to sign for the widget URL using a hash-based message authentication code () with .

Signature for query parameters

You will get your own SecretKey during [Onboarding].

NEVER store the SecretKey in the frontend. Your account might be blocked once the credential leakage is detected. FaTPay reserves the right to take any other actions and pursue any other legal rights available to us.

Procedure

  1. Retrieve parameters

    • Firstly, retrieve all the query parameters required to sign(check [], [On-ramp Widget Customization] and [Interface Customization]). Build a map with all key-value pairs;

    • Then remove all the items with null keys or null values;

  2. Sort parameters

    • Sort all parameter keys in ascending order(as per ASCII values of the characters);

  3. Prepare to-be-signed-payload

    • Convert the sorted map to a string to-be-signed-payload in the form of key=value and concatenate them with & character as the separator;

  4. Compute signature

    • Next use SecretKey to generate signature for the string to-be-signed-payload from last step with a hash-based message authentication code () with . And don't forget urlencoding it. Please refer to [Widget Signature Demo];

  5. Assign signature

    • Finally, assign the signature to signature in the query parameters and append it to the widget URL;

Example

OK. For instance, a Premium Partner would like to set a default wallet address, while lock the wallet address and set the wallet address invisible to the user.

Query parameters
{
  "walletAddress": "0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888",
  "walletAddressHidden": "1",
  "walletAddressLocked": "1",
  "ext": "ext"
}
Common parameters
{
  "nonce": 748219,
  "partnerId": "mqMBpCIP630LJxLY",
  "timestamp": 1656600459
}

Retrieve parameters

Firstly, retrieve all the query parameters required to sign.

ext=ext&nonce=54335363&partnerId=mqMBpCIP630LJxJK&partnerUrl=https://yoururl.com&timestamp=1657854065&walletAddress=xxxx&walletAddressHidden=1&walletAddressLocked=1

Then Build a map with all key-value pairs. And remove all the items with null keys or null values;.

{
  "partnerId": "mqMBpCIP630LJxLY",
  "timestamp": 1656600459,
  "nonce": 748219,
  "walletAddress": "0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888",
  "walletAddressHidden": "1",
  "walletAddressLocked": "1",
  "ext": "ext"
}

Sort parameters

Sort all parameter keys in ascending order(as per ASCII values of the characters).

{
  "ext": "ext",
  "nonce": 748219,
  "partnerId": "mqMBpCIP630LJxLY",
  "timestamp": 1656600459,
  "walletAddress": "0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888",
  "walletAddressHidden": 1,
  "walletAddressLocked": 1
}

Prepare to-be-signed-payload

Convert the sorted map to a string to-be-signed-payload in the form of key=value and concatenate them with & character as the separator.

ext=ext&nonce=54335363&partnerId=mqMBpCIP630LJxJK&timestamp=1657854065&walletAddress=0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888&walletAddressHidden=1&walletAddressLocked=1

Compute signature

4UoZ2gIm3bcLTw5K6WdBJIaYBiXgQF3uvOfY4Ovc6+4=

Urlencode the signature:

4UoZ2gIm3bcLTw5K6WdBJIaYBiXgQF3uvOfY4Ovc6%2B4%3D

Assign signature

Finally, assign the signature to signature in the query parameters and append it to the widget URL.

https://ramp.fatpay.xyz/home?ext=ext&nonce=748219&partnerId=mqMBpCIP630LJxLY&timestamp=1656600459&walletAddress=0xF0C35891CAf1cCa9b1daB1291c61fF232E6D5888&walletAddressHidden=1&walletAddressLocked=1&signature=4UoZ2gIm3bcLTw5K6WdBJIaYBiXgQF3uvOfY4Ovc6%2B4%3D

Next use SecretKey to generate signature for the string to-be-signed-payload from last step with a hash-based message authentication code () with .

HMAC
SHA-256
HMAC
SHA-256
HMAC
SHA-256
Common parameters