GuidesAPI ReferenceSDKsChangelog

Authentication

Ensure you have your API credentials (API Key and API Secret) before proceeding.
Contact our support team if you need assistance obtaining these credentials.

Use distinct API credentials for Sandbox and Production environments.
Production API keys are not valid in the Sandbox environment and vice versa.

Required Headers

All API requests must include the following headers:

Header Type Required Description
X-API-KEY string Yes Your unique API key provided by DollarPe. This key identifies your application.
X-TIMESTAMP integer Yes The current Unix timestamp in seconds. This helps prevent replay attacks.
X-SIGNATURE string Yes An HMAC SHA256 signature of the request, encoded in Base64. This signature verifies the integrity and authenticity of the request.

Generating the Signature

The signature is a critical component of the authentication process. Follow these steps to generate it:

const crypto = require("crypto");

/**
 * Generates authentication headers for API requests.
 * @param {string} apiKey - Your API key.
 * @param {string} apiSecret - Your API secret.
 * @param {Object} [body={}] - The request body.
 * @returns {Object} - The headers object containing authentication details.
 */

const generateHeaders = (apiKey, apiSecret, body = {}) => {
  const timestamp = Math.floor(Date.now() / 1000);

  const sortedBody = JSON.stringify(body, Object.keys(body).sort());
  const message = `${apiKey}|${timestamp}|${sortedBody}`;

  const signature = crypto
    .createHmac("sha256", apiSecret)
    .update(message)
    .digest("base64");

  return {
    "X-API-KEY": apiKey,
    "X-TIMESTAMP": timestamp.toString(),
    "X-SIGNATURE": signature,
  };
};

import time
import json
import hmac
import base64
import hashlib

def generate_headers(api_key, api_secret, body={}):
    """
    Generates authentication headers for API requests.

    :param api_key: Your API key.
    :param api_secret: Your API secret.
    :param body: The request body (default is {}).
    :return: A dictionary containing the authentication headers.
    """
    # Get current timestamp
    timestamp = int(time.time())

    # Sort and stringify the body
    sorted_body = json.dumps(body, sort_keys=True)

    # Create message string
    message = f"{api_key}|{timestamp}|{sorted_body}"

    # Generate signature
    signature = base64.b64encode(
        hmac.new(
            api_secret.encode('utf-8'),
            message.encode('utf-8'),
            hashlib.sha256
        ).digest()
    ).decode('utf-8')

    return {
        'X-API-KEY': api_key,
        'X-TIMESTAMP': str(timestamp),
        'X-SIGNATURE': signature
    }

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import com.fasterxml.jackson.databind.ObjectMapper;

public class HeaderGenerator {
    private static final ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Generates authentication headers for API requests.
     *
     * @param apiKey Your API key.
     * @param apiSecret Your API secret.
     * @param body The request body.
     * @return A map containing the authentication headers.
     * @throws Exception If an error occurs during header generation.
     */
    public static Map<String, String> generateHeaders(String apiKey, String apiSecret, Map<String, Object> body) throws Exception {
        // Get current timestamp
        long timestamp = System.currentTimeMillis() / 1000;

        // Sort and stringify the body
        String sortedBody = "{}";
        if (body != null) {
            TreeMap<String, Object> sortedMap = new TreeMap<>(body);
            sortedBody = objectMapper.writeValueAsString(sortedMap);
        }

        // Create message string
        String message = String.format("%s|%d|%s", apiKey, timestamp, sortedBody);

        // Generate signature
        Mac sha256Hmac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKey = new SecretKeySpec(
            apiSecret.getBytes(StandardCharsets.UTF_8), 
            "HmacSHA256"
        );
        sha256Hmac.init(secretKey);
        String signature = Base64.getEncoder().encodeToString(
            sha256Hmac.doFinal(message.getBytes(StandardCharsets.UTF_8))
        );

        // Create headers map
        Map<String, String> headers = new HashMap<>();
        headers.put("X-API-KEY", apiKey);
        headers.put("X-TIMESTAMP", String.valueOf(timestamp));
        headers.put("X-SIGNATURE", signature);

        return headers;
    }
}

Example Usage

Here's how to use the generated headers in an API request:

const apiKey = "your-api-key";
const apiSecret = "your-api-secret";

const requestBody = {
  asset: "USDT",
  network: "BSC",
  amount: 100.5,
};

const headers = generateHeaders(apiKey, apiSecret, requestBody);

// Make API request
fetch("https://sandbox.dollarpe.xyz/pos/api/v1/payout/fetch-rate", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    ...headers,
  },
  body: JSON.stringify(requestBody),
});