In order to interact with Smarty Pay, some of your requests must be authenticated. We use API keys (and secrets) to authenticate requests.
You can view and manage your API keys in the Backoffice UI.
Please note that every staging and production API Keys/Secrets are not the same.
Authentication information is passed through several HTTP headers listed below.
Header
Description
Example
x-api-key
API Key
TVs1OAkZXCZ0Azk0Qd9rFMxIYKVlLSUg
x-api-sig
Request signature in hex
5ef1c...de684c2602980cf03292abf
x-api-ts
Timestamp of this request (in seconds)
1623659516033
Signing requests
Smarty Pay uses HMAC-SHA256 algorithm to create a signature (or so-called message authentication code) using provided API Secret. To create a message/payload to sign the following information needs to be concatenated in a single string (without separators):
This signature, as well as API Key and timestamp, should be placed in the HTTP headers of the request according to the table in the previous section.
You can double-check your calculation using this online tool.
Code examples
Create invoice with signature
// This code must be on your backend side// Do not send your Secret into Client Browser!// you special data from smartypay:constapiPublicKey='YBSs200ehQr4KPlyZUaunGaY049yCpsH';constapiBackendSecret='DocmTHXBnPSdXrXKwdB3m4fTFlytV0nY5e3dMCh4LZLQHMxy6ifWDBaLeevMC4Jp';// data for invoice:constamount='60 btBUSD';constinvoiceLiveTime=1000*60*60; // 1 hourconstnow=Date.now();constnowInSec=Math.round(now /1000).toString();constexpiresAt=newDate(now + invoiceLiveTime).toISOString();constbody=JSON.stringify({ amount, expiresAt,});constmessageToSign= nowInSec +'POST/integration/invoices'+ body;constsignature=sha256.hmac(apiBackendSecret, messageToSign);// create invoice requestconstresp=awaitfetch('http://api.smartypay.io/integration/invoices', { method:'POST', headers: {'Accept':'application/json','Content-Type':'application/json','x-api-key': apiPublicKey,'x-api-sig': signature,'x-api-ts': nowInSec, }, body});constrespData=awaitresp.json();constinvoiceId=respData.invoice.id;// params to open invoiceconstparams=newURLSearchParams();params.set('invoice-id', invoiceId);// additional params:// params.set('name', 'Item Name to Buy');// params.set('success-url', 'https://...');// params.set('fail-url', 'https://...');// final url be like "https://checkout.smartypay.io/invoice?invoice-id=XXXXXXX"consturlToRedirect='https://checkout.smartypay.io/invoice?'+params.toString();
Create subscription with signature
// This code must be on your backend side// Do not send your Secret into Client Browser!// you special data from smartypay:constapiPublicKey='YBSs200ehQr4KPlyZUaunGaY049yCpsH';constapiBackendSecret='DocmTHXBnPSdXrXKwdB3m4fTFlytV0nY5e3dMCh4LZLQHMxy6ifWDBaLeevMC4Jp';// Data for subscription address:// This data is for example, use your dataplanId ='FlhFQYGcSH2-EtR03avJvw'; // your plan idasset ='btBUSD';customerId ='667317'; // your company idstartFrom ='2023-01-13T14:07:11Z';payer ='0x60957B6C6C0A194422F6370A00806695FE941b83'; // payer addressconstnow=Date.now();constnowInSec=Math.round(now /1000).toString();constbody=JSON.stringify({ planId, asset, customerId, startFrom, payer,});constmessageToSign= nowInSec +'POST/integration/subscriptions'+ body;constsignature=sha256.hmac(apiBackendSecret, messageToSign);// create subscription requestconstresp=awaitfetch('http://api.smartypay.io/integration/subscriptions', { method:'POST', headers: {'Accept':'application/json','Content-Type':'application/json','x-api-key': apiPublicKey,'x-api-sig': signature,'x-api-ts': nowInSec, }, body});constrespData=awaitresp.json();constcontractAddress=respData.contractAddress;