Overview

A signature is a 64-digit encrypted string that is crucial to the authorization process.

The signature code ensures and confirms that the information included in the request is genuine and hasn't been modified. The user must first generate a Signature Code and pass it through the login request based on which the system detects and authorizes the request. Any request with an invalid or unmatched Signature will be responded to as unauthorized.

Generate a Signature

Generating a Signature Code requires you to provide the Signature Key located in your Profile details under Company Credentials. Along with the request body, the Signature Key goes through encryption processes to finally get the Signature Code.

📘

A Signature Code for every request

The Signature Code varies for every request, and no two requests will have the same Signature Code.

Signature algorithm

Below is the sample algorithm to generate a Signature Code:

SIGNATURE_KEY : 1234567890 // your signature key

let encode = base64encode(JSON.stringify(req.body));
encode = encode + "SIGNATURE_KEY";
let signature = sha256(encode);

function sha256(str) {
  let hash = crypto.createHash("sha256")update(str).digest("hex");
  return hash;
}

Algorithm breakdown

• The first encoding represents the Base64 encoding of the Request Body
• The second encoding is performed to the first encoded result with the Signature Key
• SHA256 algorithm is applied to the second encoded result
• A Hexa Stash Code is generated with the SHA256 string
• The result of the process is your Signature Code

Here's a sample Signature Code:

📘

Possible Responses

❌ In case of Signature Key mismatch, an "Unauthorized or Invalid" response will be reflected
⚠️ If the process encounters a technical error, the system will respond to the request as "Technical/Internal/Server Error"