Home
Guides
Alchemy Pay

Signature Description

Suggest Edits

Introduction

  • ach-access-sign request header:
  • It is the HMAC SHA256 encrypted result of timestamp + method + requestPath + body using the SecretKey, encoded in Base-64.
  • The parameters in requestPath follow the same rules as the body. The values inside a list are sorted in the following order: integer, float/double, string.
  • Within each type, the values are sorted alphabetically. For lists and objects, they are sorted based on their position in the array. Nested structures such as objects and lists are recursively sorted following the same rules. Null and empty values are excluded from the sorting process (empty lists [], empty dictionaries {}).

Signature String Example

  • Example: {{“x”: 1, “y”: 2}, 1, 3, 2, -4, 1.1, “xxxxx”, “yyyy”, “jscx”, 0, “sss”,{“z”:2,”x”:1,”a”:””}}
  • Sorted: {-4,0,1,2,3,1.1,”jscx”,”sss”,”xxxxx”,”yyy”,{“x”: 1, “y”: 2},{“x”: 1, “z”: 2}}

Important Notes

  • It should be noted that the sorting of data in lists during transmission should ideally not have any relevance to the transmitted content. If there are parameters in both the Path and body, each should be sorted separately, and then combined in the order of concatenation (timestamp + method + requestPath + body) for signature. Example: timestamp = 1538054050234, GET request, path=/api/v1/crypto/order?order_no=sdf23&token=ETH, Body is empty. The signature content would be "1538054050234" + "GET" + "/api/v1/crypto/order?order_no=sdf23&token=ETH"
  • The value of timestamp is the same as the ach-access-timestamp request header, following the ISO format. It represents Unix time in milliseconds as a thirteen-digit timestamp. Example: 1538054050231 method is the request method, with all letters capitalized. Example: GET/POST requestPath is the path of the requested API, case-sensitive. If the URL ends with a /, it should still be included. Example: /api/v1/crypto/order
  • body refers to the string representation of the request body. If there is no request body (typically for GET requests), the body can be omitted. The order within the body is also based on dictionary sorting. Empty values are not included in the signature. Any parameters that are empty will be filtered out and not included in the signature. Example: '1538054051230' + 'GET' + '/api/v1/crypto/token/price' + body secretKey and apiKey are case-sensitive. HMAC SHA256 is used to sign the hash string using the secret key. The signature is encoded in Base64 format.

Updated about 1 year ago