Access to API
Access to API
Learn to authenticate API requests and fix validation errors effectively

Understand the Solidgate validation and authentication process for API requests to gain access to the API and handle validation error messages effectively. Obtain the required credentials, including public and secret keys, and follow the signature creation and webhook validation steps to enable secure payment processing, proper authentication, and error management.

Retrieve your credentials

To start accepting payments, even in the sandbox environment, you’ll require credentials. These credentials are two Public (Merchant ID) and Secret (Private) keys, which should be applied for direct API calls and to check the webhook signature.

Webhook keys have the prefix wh_pk_/wh_sk_, and API keys have the prefix api_pk_/api_sk_

success
You can easily find your credentials in the HUB.

Merchant ID and its Private Key shall be applied to calculate the signature. The signature allows for verifying both the source and the integrity of the request details transmitted between the merchant and gateway.

Generate signature

The value of a signature is a base64-encoded value of the hash function SHA-512. For the encryption key, apply the merchant’s secret key. And for signature data, use the following string merchantId + requestJsonData + merchantId

Parameter Description
merchantId Public Key.
requestJsonData Request body in JSON string.
privateKey Secret Key for signature generation. It’s provided at the moment of merchant registration.
1
2
3
4
5
6
7
8
function generateSignature(string $jsonString): string
{
    return base64_encode(
        hash_hmac('sha512',
            "{{public_key}}" . $jsonString . "{{public_key}}",
            "{{private_key}")
    );
}
1
2
3
4
5
6
7
func GenerateSignature(jsonString string) string {
	payloadData := {{public_key}} + jsonString + {{public_key}}
	keyForSign := []byte({{private_key}})
	h := hmac.New(sha512.New, keyForSign)
	h.Write([]byte(payloadData))
	return base64.StdEncoding.EncodeToString([]byte(hex.EncodeToString(h.Sum(nil))))
}
1
2
3
4
5
fun generateSignature(jsonString: String): String {
    val hmac = hmac("{{public_key}}" + jsonString + "{{public_key}}", "{{private_key}")

    return base64encode(hmac)
}
1
2
3
4
def __generate_signature(jsonString: str) -> str:
    encrypto_data = ("{{public_key}}" + jsonString + "{{public_key}}").encode('utf-8')
    sign = hmac.new("{{private_key}".encode('utf-8'), encrypto_data, hashlib.sha512).hexdigest()
    return base64.b64encode(sign.encode('utf-8')).decode('utf-8')
1
2
3
4
5
function generateSignature(jsonString) {
    var hashed = CryptoJS.HmacSHA512({{public_key}} + jsonString + {{public_key}}, {{private_key}});

    return Buffer.from(hashed.toString()).toString('base64')
}

If signature created is incorrect, you will get the following response:

1
2
3
4
5
6
7
8
{
  "error": {
    "code": "1.01",
    "messages": [
      "Authentication failed"
    ]
  }
}

Authenticate your API request

To authenticate, you should add the following headers to each request:

Header Description Example
Merchant A unique Merchant ID is provided upon registration and must be shared for identification purposes. api_pk_7b197……..ba108f842
Signature The request signature allows verification of the merchant’s authenticity on the payment gateway server. MjNiYjVj…ZhYmMxMzNiZDY=

Solidgate employs a similar Guide
Subscribe for events on your Solidgate account, so your integration can automatically trigger actions.
authentication method
for webhooks, using merchant and signature parameters in headers.

Understand API errors

If you send a wrong request, miss required fields, or provide fields in an incorrect format, you will receive an error response API

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
  "error": {
    "code": "2.01",
    "messages": {
      "currency": [
        "Invalid Currency."
      ],
      "customer_email": [
        "This value should not be blank."
      ],
      "ip_address": [
        "This value should not be blank."
      ],
      "order_description": [
        "This value should not be blank."
      ],
      "order_id": [
        "This value should not be blank."
      ],
      "platform": [
        "This value should not be blank."
      ]
    }
  }
}

It is essential to identify potential API errors resulting from incorrect requests, missing mandatory fields, or improper formatting. In such cases, the API generates an error response with specific information, as shown in the example with Guide
Understand why the payment is declined and how you can resolve it.
error code 2.01
. By addressing each field error, you can rectify issues and ensure smoother API operations.


Related articles FAQ

I can’t generate a signature/I am getting an error “1.01” “Authentication failed” during signature creation process
Solidgate HUB - Adding a new user
Solidgate HUB - User management
Solidgate HUB - Logs
Customers’ requests to personal data erasure (GDPR)