Return to Orbital Homepage
API Documentation
Login to the Client Portal
Start typing to search…

Signing your Requests

Signing Your Requests

To ensure the integrity and authenticity of your requests, you must sign them using your private key.

  1. Create the signature:

    • Concatenate the HTTP method, full resource (with any query or path parameters), and the JSON payload (if any) in this exact order.
    • Generate a SHA-256 hash of this content.
    • Sign this hash with your private key

  2. Include the following headers in your API request:

    • x-api-key: Your API key.
    • x-signature: The Base64-encoded signature from step 1.

  3. Request verification:
    The Global Payments API server will use your registered public key to verify the signature and ensure the request is authentic and has not been altered.

  4. Code samples

  • Resource with Path Parameter Node.js:
import * as crypto from 'crypto';

const privateKey = `-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----`;

// Example with Path Parameter
const pathPayload = 'GET/counterparty/f9c1bcab-5268-44c8-a6d5-65054bdfa46a';
const pathSignature = crypto.createSign('RSA-SHA256');
pathSignature.update(pathPayload);
const pathSignatureResult = pathSignature.sign(privateKey, 'base64');
  • Resource with Query Parameters Node.js:
import * as crypto from 'crypto';

const privateKey = `-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----`;

// Example with Query Parameters
const queryPayload = 'GET/transactions?fromDate=2024-06-26T00:52:28.795Z&toDate=2024-07-27T00:52:28.795Z&status=new';
const querySignature = crypto.createSign('RSA-SHA256');
querySignature.update(queryPayload);
const querySignatureResult = querySignature.sign(privateKey, 'base64');
  • Resource with Path Parameter Python:
import base64
import hashlib
from Crypto.Signature import pkcs1_15
from Crypto.PublicKey import RSA

private_key = """-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----"""

key = RSA.import_key(private_key)

# Example with Path Parameter
path_payload = 'GET/counterparty/f9c1bcab-5268-44c8-a6d5-65054bdfa46a'
path_hash = hashlib.sha256(path_payload.encode('utf-8')).digest()
path_signature = pkcs1_15.new(key).sign(path_hash)
path_signature_base64 = base64.b64encode(path_signature).decode('utf-8')
  • Resource with Query Parameters Python:
import base64
import hashlib
from Crypto.Signature import pkcs1_15
from Crypto.PublicKey import RSA

private_key = """-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----"""

key = RSA.import_key(private_key)

# Example with Query Parameters
query_payload = 'GET/transactions?fromDate=2024-06-26T00:52:28.795Z&toDate=2024-07-27T00:52:28.795Z&status=new'
query_hash = hashlib.sha256(query_payload.encode('utf-8')).digest()
query_signature = pkcs1_15.new(key).sign(query_hash)
query_signature_base64 = base64.b64encode(query_signature).decode('utf-8')