API Reference

Signing the request

This page provides detailed instructions on how to generate an ECDSA key pair, register the public key, and sign sensitive endpoint requests using WudiPay. Here is a detailed explanation of each section

🚧

Attention, this documentation is related to the Endpoint "Perform a Cash-out"

Endpoint link: https://wudi-pay.readme.io/reference/perform-a-cash-out

How to Generate an ECDSA Public and Private Key Pair

At WudiPay, we use ECDSA with the secp256k1 curve to create and validate digital signatures.

Remember: Your private key should never be shared with anyone, not even with us!

On Mac (OSX) and most Linux distributions, OpenSSL is already installed. Windows users need to install OpenSSL to use this solution.

To create your key pair, open the terminal (Git Bash on Windows) and enter the following commands:

openssl ecparam -name secp256k1 -genkey -out privateKey.pem
openssl ec -in privateKey.pem -pubout -out publicKey.pem

➡️

Step-by-Step Guide for Digital Signature

Step 1 - Create Your Public and Private Key Pair

To generate a new key pair, you can follow the tutorial below.

Step 2 - Register Your Public Key

To register your public key, you need to log in to your dashboard (Dashboard).

2.1 - Access the “Integration” menu.

2.2 - Click on the "key" icon.

2.3 - Copy the contents of the “publicKey.pem” file and paste it into the “Public Key” field.

2.4 - Click the “Save” button.

Step 3 - Sign Sensitive Endpoint Requests

In this step, we will create the message. For this, we need:

  • API Key
  • Date and time in UNIX format
  • Request body in JSON format

3.1 - Concatenate these pieces of information as follows: APIKEY + ‘:’ + TIME + ‘:’ + JsonBODY

$apiKey = '111111-1111-111111-11111';
$requestTime = time();
$jsonBody = '{"key":"[email protected]","amount":100}';
$message = $apiKey . ':' . $requestTime . ':' . $jsonBody;

3.2 - Sign this message using your private key.

// DO NOT USE THIS KEY
// USE YOUR KEY GENERATED IN STEP 1
$privateKey = "-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIDk+8PmO/1rwNqPLO3fRSgHETpISMPCCYfl26QF3dMLWoAcGBSuBBAAK
oUQDQgAEXEEw7WCXvh9r9L7G13TcXzPlxtxJZVF/56CbfveuH3gIY3oY6MgJ4hXE
Tn9+ZuaJlFTTx9sP66bmwuJP5x0QhA==
-----END EC PRIVATE KEY-----";
openssl_sign($message, $signature, $privateKey, OPENSSL_ALGO_SHA256);

3.5 - Convert the signature result to a Base64 string.

$base64Signature = base64_encode($signature);

3.6 - Add the Base64 signature and the request date and time to the request header.

curl --location '/api/cash-outs' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {token}' \
--header 'Request-Signature: {$base64Signature}' \
--header 'Request-Time: {$requestTime}' \
--data-raw '{
    "key":"[email protected]",
    "amount":100
}'