Learn to authenticate API requests and fix validation errors effectively
Understand the Solidgate validation and authentication process for API requests to gain access to the API and handle validation error messages effectively. Obtain the required credentials, including public and secret keys, and follow the signature creation and webhook validation steps to enable secure payment processing, proper authentication, and error management.
Retrieve your credentials
To start accepting payments, even in the sandbox environment, you’ll require credentials. These credentials are two Public (
publicKey
) and Secret (
secretKey
) keys, which should be applied for direct API calls and to check the webhook signature.
Obtain the keys from the personal account in the HUB by navigating to the Developers section and then proceeding to the Channel details page of the specific Channel:
API keys have the prefix api_pk_/api_sk_
Webhook keys have the prefix wh_pk_/wh_sk_
Public Key and Secret Key shall be applied to calculate the signature. The signature allows for verifying both the source and the integrity of the request details transmitted between the merchant and gateway.
Generate signature
The signature value is a base64-encoded string, which is a hexadecimal representation of the SHA-512 hash function. The encryption key utilized for this is the Secret Key. And for signature data, use the following string publicKey + jsonString + publicKey
For
GET
requests, which do not have a body, the signature data must simply be publicKey + publicKey
*Both Public Key and Secret Key are provided at the moment of merchant registration and are used for signature generation. These keys play a vital role in generating secure signatures for authentication and verification purposes.
The generateSignature function takes the data and a secret key as parameters.
Generate the HMAC-SHA512 hash using the secret key and data.
Get the hexadecimal representation of the hash.
Encode hexadecimal representation of the hash directly to Base64.
require'openssl'require'base64'defgenerate_signature(public_key,json_string,secret_key)digest=OpenSSL::Digest.new('sha512')instance=OpenSSL::HMAC.new(secret_key,digest)instance.update(public_key+json_string+public_key)Base64.strict_encode64(instance.hexdigest)end# Example usagepublic_key="api_pk_8f8a8k8e8k8e8y8"json_string='{"amount": "100", "currency": "USD"}'secret_key="api_sk_8f8a8k8e8k8e8y8"signature=generate_signature(public_key,json_string,secret_key)puts"Signature value: #{signature}"
Authenticate your API request
To authenticate, you should add the following headers to each request:
Header
Description
Example
merchant
A unique Public Key is provided upon registration and must be shared for identification purposes.
api_pk_7b197……..ba108f842
signature
The request signature allows verification of the merchant’s authenticity on the payment gateway server.
MjNiYFdSdjVj……..hYmNiZDY=
Solidgate employs a similar
Guide
Subscribe for events on your Solidgate account, so your integration can automatically trigger actions.
authentication method
for webhooks, using merchant and signature parameters in headers.
If signature created is incorrect, you will get the following response:
A systematic DNS check is a process where your system regularly performs DNS lookups for a specified domain, ensuring the latest IP addresses associated with that domain are always known.
This ensures that your system maintains an up-to-date list of IP addresses it should allow access.
Choose a DNS query tool Use standard OS tools like nslookup or dig, or opt for specialized libraries based on your programming language.
Automate regular checks Use an OS task scheduler (e.g., Linux’s cron) or another tool to auto-run DNS queries at regular intervals. It’s advisable to run checks at least hourly.
Execute DNS lookup for Solidgate domains Query Solidgate-specific domains (form.solidgate.com, pay.solidgate.com, gate.solidgate.com, etc) to retrieve their associated IP addresses.
Update allowed IP address list Based on the DNS query results, refresh the allowed IP addresses in your firewall or security tool. Ensure outdated or invalid IPs are removed.
Verify setup integrity After updating, ensure your system processes requests originating from the latest IP addresses properly.
Systematic DNS checks for Solidgate offer multiple benefits: they ensure uninterrupted interaction between your system and Solidgate, even when IP addresses change, preventing unauthorized access by blocking requests from unauthorized IPs, thereby minimizing attack risks. These checks also ensure your system works with the latest data, so you don’t miss notifications or
Guide
Subscribe for events on your Solidgate account, so your integration can automatically trigger actions.
webhooks
.
Furthermore, they automate IP list updates, saving time and resources in maintaining security.