Signing Your Requests
To ensure the integrity and authenticity of your requests, you must sign them using your private key.
-
Create the signature:
- Concatenate the HTTP method, full resource (with any query or path parameters), and the JSON payload (if any) in this exact order.
- Generate a SHA-256 hash of this content.
- Sign this hash with your private key
-
Include the following headers in your API request:
x-api-key
: Your API key.x-signature
: The Base64-encoded signature from step 1.
-
Request verification:
The Global Payments API server will use your registered public key to verify the signature and ensure the request is authentic and has not been altered. -
Code samples
- Resource with Path Parameter Node.js:
import * as crypto from 'crypto';
const privateKey = `-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----`;
// Example with Path Parameter
const pathPayload = 'GET/counterparty/f9c1bcab-5268-44c8-a6d5-65054bdfa46a';
const pathSignature = crypto.createSign('RSA-SHA256');
pathSignature.update(pathPayload);
const pathSignatureResult = pathSignature.sign(privateKey, 'base64');
- Resource with Query Parameters Node.js:
import * as crypto from 'crypto';
const privateKey = `-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----`;
// Example with Query Parameters
const queryPayload = 'GET/transactions?fromDate=2024-06-26T00:52:28.795Z&toDate=2024-07-27T00:52:28.795Z&status=new';
const querySignature = crypto.createSign('RSA-SHA256');
querySignature.update(queryPayload);
const querySignatureResult = querySignature.sign(privateKey, 'base64');
- Resource with Path Parameter Python:
import base64
import hashlib
from Crypto.Signature import pkcs1_15
from Crypto.PublicKey import RSA
private_key = """-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----"""
key = RSA.import_key(private_key)
# Example with Path Parameter
path_payload = 'GET/counterparty/f9c1bcab-5268-44c8-a6d5-65054bdfa46a'
path_hash = hashlib.sha256(path_payload.encode('utf-8')).digest()
path_signature = pkcs1_15.new(key).sign(path_hash)
path_signature_base64 = base64.b64encode(path_signature).decode('utf-8')
- Resource with Query Parameters Python:
import base64
import hashlib
from Crypto.Signature import pkcs1_15
from Crypto.PublicKey import RSA
private_key = """-----BEGIN PRIVATE KEY-----
[Your-Private-Key-Here]
-----END PRIVATE KEY-----"""
key = RSA.import_key(private_key)
# Example with Query Parameters
query_payload = 'GET/transactions?fromDate=2024-06-26T00:52:28.795Z&toDate=2024-07-27T00:52:28.795Z&status=new'
query_hash = hashlib.sha256(query_payload.encode('utf-8')).digest()
query_signature = pkcs1_15.new(key).sign(query_hash)
query_signature_base64 = base64.b64encode(query_signature).decode('utf-8')