Ramp Signature Description

Applicable to the On Ramp/Off Ramp interface.

Signature Parameters

ElementDescriptionRemarks
timestampThirteen-digit timestamp1538054050234
httpMethodRequest Method GET/POSTrequest method must be in uppercase.
requestPathRequest Pathon ramp:/index/rampPageBuy
off ramp: /index/rampPageSell
bodyStringbodyStringGET:empty
POST:body parameters

Step 1: Generate An Encrypted String

The signature string is fixed as follows: timestamp + httpMethod + requestPath + bodyString.

For the parameters in requestPath, sort them in dictionary order and remove any empty values.

Finally, encrypt using HMAC SHA256 with the SecretKey and encode it using Base64 to obtain the sign.

On Ramp Example:

request link:https://ramptest.alchemypay.org?appId=f83Is2y7L425rxl8&crypto=USDT&network=ETH&showTable=buy&fiat=USD&fiatAmount=30&timestamp=1538054050234&sign=JY9JcOwBosncT19Nn9DIfTH%2BvfSt6xL%2BI%2BRVCl9YGgE%3D

  • httpMethod:GET
  • requestPath:/index/rampPageBuy
  • bodyString:

Signature String :
1538054050234GET/index/rampPageBuy?appId=f83Is2y7L425rxl8&crypto=USDT&fiat=USD&fiatAmount=30&network=ETH&showTable=buy&timestamp=1538054050234

Off Ramp Example

request link:https://ramptest.alchemypay.org?appId=f83Is2y7L425rxl8&crypto=USDT&network=ETH&showTable=sell&fiat=USD&cryptoAmount=30&timestamp=1538054050234&sign=615hNootKL4aScndVHxqRnuZzoLDCJU%2FBzhHj913qlk%3D

  • timestamp:1538054050234
  • httpMethod:GET
  • requestPath:/index/rampPageSell
  • bodyString:

Signature String:
1538054050234GET/index/rampPageSell?appId=f83Is2y7L425rxl8&crypto=USDT&cryptoAmount=30&fiat=USD&network=ETH&showTable=sell&timestamp=1538054050234

Step Two: Generate Your Signature

Use the encrypted string and secret as parameters to generate a signature as follows

package v4.onramp;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
//example for onramp
public class V4OnrampPage{

    public static void main(String[] args) throws Exception {
        // Generate current timestamp in milliseconds
        String timestamp = String.valueOf(System.currentTimeMillis());
        String httpMethod = "GET";
        String requestPath = "/index/rampPageBuy";// onramo:/index/rampPageBuy offramp:/index/rampPageSell
        String secretKey = "*****"; // relpace with your secretKey
        String appId = "*****"; // relpace with your appId
        //Replace with the token from the getToken API.
        //String token = "****";
        // Request parameters
        Map<String, String> paramsToSign = new TreeMap<>();
        paramsToSign.put("crypto", "USDT");
        //paramsToSign.put("token", token);
        paramsToSign.put("fiatAmount", "200");
        paramsToSign.put("fiat", "USD");
        paramsToSign.put("merchantOrderNo", "1731231234567890123455");//Cannot be repeated
        paramsToSign.put("network", "BSC");
        paramsToSign.put("address", "0x7e86364e372402132249e09575b4a4928203ae75");
        paramsToSign.put("callbackUrl", "https://google.com");
        paramsToSign.put("redirectUrl", "https://google.com");
        paramsToSign.put("timestamp", timestamp);
        paramsToSign.put("appId", appId);

        // Create the string to sign
        String rawDataToSign = getStringToSign(paramsToSign);
        requestPath += "?" + rawDataToSign;

        // Generate the signature
        String signature = generateSignature(timestamp, httpMethod, requestPath, secretKey);
        // urlencode token parameter
        paramsToSign.put("token",URLEncoder.encode(token, "UTF-8"));
        String rawData = getStringToSign(paramsToSign);

        // Print the results
        System.out.println("On Ramp Signature: " + signature);
        System.out.println("final link: " + "https://ramptest.alchemypay.org?" + rawData + "&sign=" + signature);
    }

    private static String generateSignature(String timestamp, String httpMethod, String requestPath, String secretKey) throws Exception {
        String signatureString = timestamp + httpMethod + requestPath;
        System.out.println("signatureString: " + signatureString);

        Mac sha256Hmac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        sha256Hmac.init(secretKeySpec);

        byte[] hash = sha256Hmac.doFinal(signatureString.getBytes(StandardCharsets.UTF_8));
        String signature = java.util.Base64.getEncoder().encodeToString(hash);
        System.out.println("signature: " + signature);
        return URLEncoder.encode(signature, StandardCharsets.UTF_8.toString());
    }

    private static String getStringToSign(Map<String, String> params) {
        return params.entrySet().stream()
                .filter(entry -> entry.getValue() != null && !entry.getValue().isEmpty())
                .map(entry -> entry.getKey() + "=" + entry.getValue())
                .collect(Collectors.joining("&"));
    }
}

<?php

function generateSignature($timestamp, $httpMethod, $requestPath, $secretKey) {
    // Concatenate parameters for signature string
    $signatureString = $timestamp . $httpMethod . $requestPath ;

    echo "\n"."signatureString:".$signatureString;

    // Generate HMAC SHA256 signature using the secret key
    $signature = base64_encode(hash_hmac('sha256', $signatureString, $secretKey, true));

    return urlencode($signature);
}

//Sort the parameters in lexicographical order
function getStringToSign($params) {
    ksort($params);
    $s2s = '';
    foreach ($params as $k => $v) {
      if (is_array($v)) {
        continue;
      } else if (!empty($v)) {
        $s2s .= "{$k}={$v}&";
      }
    }
    return rtrim($s2s, '&');
}


// Example for On Ramp
$onRampHttpMethod = "GET";
$onRampRequestPath = "/index/rampPageBuy";//onRamp use this: '/index/rampPageBuy' and offRamp use this:' /index/rampPageSell'
$timestamp = strval(time() * 1000);

$appId= "*****";//replace it with your appId
$appSecret = "*****";// replace it with your appSecret

//request parameters
$paramsToSign = array(
  'crypto' => 'BTC',
  'network' => 'ETH',
  'showTable' => 'buy',
  'fiat' => 'USD',
  'fiatAmount' => '30',
  'merchantOrderNo' => '123123',//Modify it, and it must not be repeated.
  'timestamp' => $timestamp,
  'appId' => $appId,
);

$rawDataToSign = getStringToSign($paramsToSign);
$onRampRequestPath .= "?".$rawDataToSign;
$onRampSignature = generateSignature($timestamp, $onRampHttpMethod, $onRampRequestPath, $appSecret);

echo "\n"."On Ramp Signature: " . $onRampSignature . PHP_EOL;
echo "final link: "."https://ramptest.alchemypay.org?".$rawDataToSign.$onRampSignature.PHP_EOL;

?>

const crypto = require('crypto');
//const querystring = require('querystring');

// Function to generate HMAC SHA256 signature
function generateSignature(timestamp, httpMethod, requestPath, secretKey) {
    // Concatenate parameters for signature string
    const signatureString = timestamp + httpMethod + requestPath;
    console.log("\n" + "signatureString:" + signatureString);

    // Generate HMAC SHA256 signature using the secret key
    const hmac = crypto.createHmac('sha256', secretKey);
    hmac.update(signatureString);
    const signature = hmac.digest('base64');

    return encodeURIComponent(signature);
}

// Function to sort parameters and return a string to sign
function getStringToSign(params) {
    const sortedKeys = Object.keys(params).sort();
    const s2s = sortedKeys
        .map(key => {
            const value = params[key];
            if (Array.isArray(value) || value === '') {
                return null;
            }
            return `${key}=${value}`;
        })
        .filter(Boolean)
        .join('&');
    
    return s2s;
}

// Example for On Ramp
const onRampHttpMethod = 'GET';
const onRampRequestPath = '/index/rampPageBuy'; 
const timestamp = String(Date.now());

const appId = '******';//Replace it with your appID
const appSecret = '*****';//Replace it with your appSecret

// Request parameters
const paramsToSign = {
    crypto: 'USDT',
    fiat: 'USD',
    fiatAmount: '30',
    merchantOrderNo: '133123123456',// Modify it, and it must not be repeated.
    network: 'TRX',
    timestamp: timestamp,
    appId: appId
};

const rawDataToSign = getStringToSign(paramsToSign);
const requestPathWithParams = onRampRequestPath + '?' + rawDataToSign;
const onRampSignature = generateSignature(timestamp, onRampHttpMethod, requestPathWithParams, appSecret);

console.log("\n" + "On Ramp Signature: " + onRampSignature);
console.log("Final link: " + "https://ramptest.alchemypay.org?" + rawDataToSign + '&sign=' + onRampSignature);

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"sort"
	"strconv"
	"strings"
	"time"
)

func main() {
	// Example: On Ramp
	onRampHttpMethod := "GET"
	onRampRequestPath := "/index/rampPageBuy"
	timestamp := strconv.FormatInt(time.Now().UnixNano()/int64(time.Millisecond), 10)

	appId := "******"//replace with your appId
	onRampSecretKey := "*******" //replace with your appSecret

	// Request parameters
	paramsToSign := map[string]string{
		"crypto":          "USDT",
		"fiatAmount":      "2",
		"fiat":            "USD",
		"merchantOrderNo": "1631231234567890123451",//replace with your merchantOrderNo
		"network":         "BSC",
		"callbackUrl":     "https://google.com",
		"redirectUrl":     "https://google.com",
		"timestamp":       timestamp,
		"appId":           appId,
	}

	rawDataToSign := getStringToSign(paramsToSign)
	onRampRequestPath += "?" + rawDataToSign
	onRampSignature := generateSignature(timestamp, onRampHttpMethod, onRampRequestPath, onRampSecretKey)

	fmt.Printf("On Ramp Signature: %s\n", onRampSignature)
	fmt.Printf("Final link: https://ramptest.alchemypay.org?%s&sign=%s\n", rawDataToSign, onRampSignature)
}

func generateSignature(timestamp, httpMethod, requestPath, secretKey string) string {
	// Concatenate the string for signing
	signatureString := timestamp + httpMethod + requestPath
	fmt.Printf("rawDataToSign: %s\n", signatureString)


	// Generate HMAC SHA256 signature using the key
	mac := hmac.New(sha256.New, []byte(secretKey))
	mac.Write([]byte(signatureString))
	signature := base64.StdEncoding.EncodeToString(mac.Sum(nil))

	return url.QueryEscape(signature)
}

func getStringToSign(params map[string]string) string {
	var keys []string
	for k := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)

	var s2s strings.Builder
	for _, k := range keys {
		if v, ok := params[k]; ok && v != "" {
			s2s.WriteString(fmt.Sprintf("%s=%s&", k, v))
		}
	}
	return strings.TrimRight(s2s.String(), "&")
}