Security
MAC (Message Authentication Code), an algorithm that confirms that a given message comes from its sender and that the data in the message has not been altered.
Signature
Every request to Vita Business API must be signed using HMAC-SHA256 algorithm, and the signature's content included in the Autorización header as documented below. This header must have as a prefix the signature version and hash function used, which is currently V2-HMAC-SHA256.
Header
Type
Description
x-date
String
ISO8601 Datetime with Timezone. For instance2018-07-12T13:46:28.629Z
x-login
String
Business xLogin
x-api-key
String
Business xTransKey
Content-Type
String
application/json
Authorization
String
<auth version>, Signature: <hmac(secretKey, "X-Login+X-Date+RequestBody")>
Authorization header example
Authorization: V2-HMAC-SHA256, Signature: 80ebe700c5db952bd4c60ae53fe1971ec6e4fe84dc0922b67eca6b3e18707260HAMC signatures generation examplesin the most popular programming languages.
RequestBody = hash.sort.join
signature = OpenSSL::HMAC.hexdigest('sha256', secretKey, "#{$X-Login}#{$X-Date}#{RequestBody}")
To use the services of Vita Business, you will need to register the IP addresses in the integration section. Once your tests are successful, you will need to contact us at ayuda@vitawallet.io to register your merchant's IP addresses in the production environment.
NOTE
The IP addresses in the production environment MUST be STATIC (they must not vary)
The request hash was joined into a single string of all key-value pairs, alphabetically sorted and concatenated without separators.
If the request body is null, then the signature must be calculated without the request body.
Example
hash = { "order": "xyz", "amount": 400 }
RequestBody = hash.sort.join
# amount400orderxyz
Última actualización