Authentication (HMAC)
All API endpoints (POST /v1/payments, GET /v1/payments/:paymentId) require the headers below.
Signing
Concatenate with newline \n:

    timestamp + "\n" + METHOD + "\n" + path + "\n" + sha256(rawBody)

- timestamp: Unix seconds; must be within ±5 minutes of server time.
- path: URL path with leading /, without query, e.g. /v1/payments or /v1/payments/p_01HXXX.
- rawBody: Raw request body bytes; for GET, SHA-256 of the empty string, hex-encoded.
- Signature: HMAC-SHA256(apiSecret, payload above).hex().
Headers

    Content-Type: application/json
    Authorization: Influx-HMAC-SHA256 ApiKey=<ApiKey>,Timestamp=<unix>,Signature=<hex>

Content-Type is required for POST; GET has no body but should still send the header.
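A client-side signer and a matching server-side check for the scheme above, as an added example (not code from the API provider). It assumes the secret is used as raw bytes and METHOD is upper-cased; `secret_store` is a hypothetical ApiKey-to-secret mapping.

```python
import hashlib
import hmac
import time
from urllib.parse import urlsplit

MAX_SKEW = 300  # ±5 minutes, per the timestamp rule above


def signing_payload(timestamp: int, method: str, url: str, raw_body: bytes) -> bytes:
    path = urlsplit(url).path  # keeps the leading "/", drops host and query
    body_hash = hashlib.sha256(raw_body).hexdigest()  # raw_body is b"" for GET
    # Assumption: METHOD is sent upper-case.
    return f"{timestamp}\n{method.upper()}\n{path}\n{body_hash}".encode()


def sign(api_secret: bytes, timestamp: int, method: str, url: str,
         raw_body: bytes = b"") -> str:
    payload = signing_payload(timestamp, method, url, raw_body)
    return hmac.new(api_secret, payload, hashlib.sha256).hexdigest()


def authorization_header(api_key: str, api_secret: bytes, method: str, url: str,
                         raw_body: bytes = b"", now=None) -> str:
    ts = int(time.time() if now is None else now)
    sig = sign(api_secret, ts, method, url, raw_body)
    return f"Influx-HMAC-SHA256 ApiKey={api_key},Timestamp={ts},Signature={sig}"


def verify(header: str, secret_store: dict, method: str, url: str,
           raw_body: bytes = b"", now=None) -> bool:
    scheme, _, params = header.partition(" ")
    if scheme != "Influx-HMAC-SHA256":
        return False
    fields = dict(p.split("=", 1) for p in params.split(",") if "=" in p)
    secret = secret_store.get(fields.get("ApiKey"))
    ts = fields.get("Timestamp", "")
    if secret is None or not (ts.isascii() and ts.isdigit()):
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW:
        return False  # stale or future-dated request: limits the replay window
    expected = sign(secret, int(ts), method, url, raw_body)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected.encode(), fields.get("Signature", "").encode())
```

Sign and verify over the exact bytes sent on the wire; re-serializing the JSON before hashing changes the digest and the signature will not match.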
Examples
POST create payment

    POST {baseUrl}/v1/payments
    Content-Type: application/json
    Authorization: Influx-HMAC-SHA256 ApiKey=ak_live_xxx,Timestamp=1714291200,Signature=a1b2c3...

    {"orderNo":"ORDER-001","tokenSymbol":"USDT","amount":"10.50","expireSec":1800,"notifyUrl":"https://merchant.example.com/webhook"}

GET query payment

    GET {baseUrl}/v1/payments/p_01HXXX
    Authorization: Influx-HMAC-SHA256 ApiKey=ak_live_xxx,Timestamp=1714291200,Signature=d4e5f6...

Unauthorized (401)

    { "error": "UNAUTHORIZED", "message": "Merchant HMAC authorization is required" }

See Error codes for more.