Signature Authentication Code Examples
Below are very simple example secret key signature authentication implementations of authentication in a couple of different languages.
Each example is annotated with todo notes that you must address before the code is usable. Examples contain at least an HTTP JSON API call with a signature against the Wyre production API (the testwyre.com environment URI is commented out but included).
<?php
function make_authenticated_request($endpoint, $method, $body) {
// $url = 'https://api.testwyre.com'; // todo use this endpoint for testwyre environment
$url = 'https://api.sendwyre.com';
// todo please replace these with your own keys for the correct environment
$api_key = "AK-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA";
$secret_key = "SK-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA";
$timestamp = floor(microtime(true)*1000);
$request_url = $url . $endpoint;
if(strpos($request_url,"?"))
$request_url .= '×tamp=' . sprintf("%d", $timestamp);
else
$request_url .= '?timestamp=' . sprintf("%d", $timestamp);
if(!empty($body))
$body = json_encode($body, JSON_FORCE_OBJECT);
else
$body = '';
$headers = array(
"Content-Type: application/json",
"X-Api-Key: ". $api_key,
"X-Api-Signature: ". calc_auth_sig_hash($secret_key, $request_url . $body)
);
$curl = curl_init();
if($method=="POST"){
$options = array(
CURLOPT_URL => $request_url,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $body,
CURLOPT_RETURNTRANSFER => true);
}else {
$options = array(
CURLOPT_URL => $request_url,
CURLOPT_RETURNTRANSFER => true);
}
curl_setopt_array($curl, $options);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
$result = curl_exec($curl);
curl_close($curl);
var_dump($result);
return json_decode($result, true);
}
function calc_auth_sig_hash($seckey, $val) {
$hash = hash_hmac('sha256', $val, $seckey);
return $hash;
}
// try to retrieve the current account
echo make_authenticated_request("/v2/account", "GET", array());
// perform a transfer
$transfer = array(
"sourceCurrency"=>"USD",
"dest"=>"account:AC-XXXXXXXX", // replace with your account ID
"sourceAmount"=> "100.50",
"destCurrency"=> "BTC",
"message"=> "convert USD to bitcoin"
);
echo make_authenticated_request("/v2/transfers", "POST", $transfer);
?>
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Linq;
using Newtonsoft.Json.Linq;
using Newtonsoft.Json;
namespace testauthwyre
{
class MainClass
{
public static void Main(string[] args)
{
WyreApi wyre = new WyreApi();
HttpWebResponse accountResponse = wyre.Get("/v2/account");
Console.WriteLine(GetResponseBody(accountResponse));
Dictionary<string, object> body = new Dictionary<string, object>();
body.Add("sourceCurrency", "USD");
body.Add("destCurrency", "BTC");
body.Add("sourceAmount", "50.50");
body.Add("dest", "account:AC-XXXXXX"); // todo use your real account ID here
HttpWebResponse transferResponse = wyre.Post("/v2/transfers", body);
Console.WriteLine(GetResponseBody(transferResponse));
}
private static string GetResponseBody(HttpWebResponse response)
{
return JObject.Parse(new StreamReader(response.GetResponseStream()).ReadToEnd()).ToString(Formatting.Indented);
}
}
public class WyreApi
{
private const String domain = "https://api.sendwyre.com";
// private const String domain = "https://api.testwyre.com"; // todo use this endpoint for Wyre's testing environmnemt
// todo replace these with your api private and secret keys
private const String apiKey = "AK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";
private const String secKey = "SK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";
public HttpWebResponse Get(string path)
{
return Get(path, new Dictionary<string, object>());
}
public HttpWebResponse Get(string path, Dictionary<string, object> queryParams)
{
return Request("GET", path, queryParams);
}
public HttpWebResponse Post(string path, Dictionary<string, object> body)
{
return Request("POST", path, body);
}
private HttpWebResponse Request(string method, string path, Dictionary<string, object> body)
{
Dictionary<string, object> queryParams = new Dictionary<string, object>();
if (method.Equals("GET"))
queryParams = body;
queryParams.Add("timestamp", DateTimeOffset.UtcNow.ToUnixTimeMilliseconds());
string queryString = queryParams.Aggregate("", (previous, current) => previous + "&" + current.Key + "=" + current.Value).Remove(0, 1);
string url = domain + path + "?" + queryString;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = method;
request.ContentType = "application/json";
request.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;
if (!method.Equals("GET"))
{
url += JsonConvert.SerializeObject(body);
using (StreamWriter writer = new StreamWriter(request.GetRequestStream()))
writer.Write(JsonConvert.SerializeObject(body));
}
request.Headers["X-Api-Key"] = apiKey;
request.Headers["X-Api-Signature"] = CalcAuthSigHash(secKey, url);
try
{
return (HttpWebResponse)request.GetResponse();
}
catch(WebException e)
{
string msg = new StreamReader(e.Response.GetResponseStream()).ReadToEnd();
Console.WriteLine(msg);
throw new SystemException(msg);
}
}
private byte[] GetBytes(string str)
{
return Encoding.UTF8.GetBytes(str);
}
private string GetString(byte[] bytes)
{
return BitConverter.ToString(bytes);
}
private String CalcAuthSigHash(string key, string value)
{
HMACSHA256 hmac = new HMACSHA256(GetBytes(key));
string hash = GetString(hmac.ComputeHash(GetBytes(value))).Replace("-", "");
return hash;
}
}
}
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.Integer;
import java.lang.String;
import java.lang.StringBuffer;
import java.net.HttpURLConnection;
import java.net.URL;
public class TestAuth {
public static void main(String[] args) {
// todo replace with your actual credentials
String apiKey = "AK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";
String secretKey = "SK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";
// String baseUrl = "https://api.testwyre.com"; // todo use this for Wyre's testing environment
String baseUrl = "https://api.sendwyre.com";
String data = "";
String result = executeWyreRequest(baseUrl + "/v2/account", "", "GET", apiKey, secretKey);
System.out.println(result);
// todo encode request data - you probably want to use a JSON serialization library such as Jackson for this!
data = "{" +
" \"dest\": \"account:AC-XXXXX\"," + // todo replace with your account ID
" \"destCurrency\": \"USD\"," +
" \"sourceCurrency\" : \"BTC\"," +
" \"sourceAmount\" : \"1\"," +
" \"message\": \"$1 worth of bitcoin!\"" +
"}";
result = executeWyreRequest(baseUrl + "/v2/transfers", data, "POST", apiKey, secretKey);
System.out.println(result);
}
public static String executeWyreRequest(String targetURL, String requestBody, String method, String apiKey, String secretKey) {
URL url;
HttpURLConnection connection = null;
try {
targetURL += ((targetURL.indexOf("?")>0)?"&":"?") + "timestamp=" + System.currentTimeMillis();
//Create connection
url = new URL(targetURL);
connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod(method);
System.out.println(connection.getRequestMethod());
connection.setRequestProperty("Content-Type", "application/json");
connection.setRequestProperty("Content-Length", Integer.toString(requestBody.getBytes().length));
// Provide API key and signature
connection.setRequestProperty("X-Api-Key", apiKey);
connection.setRequestProperty("X-Api-Signature",computeSignature(secretKey,targetURL,requestBody));
//Send request
if(method.equals("POST")) {
connection.setDoOutput(true);
connection.setRequestMethod(method);
DataOutputStream wr = new DataOutputStream(
connection.getOutputStream());
wr.write(requestBody.getBytes("UTF-8"));
wr.flush();
wr.close();
}
//Get Response
InputStream is;
if (connection.getResponseCode() < HttpURLConnection.HTTP_BAD_REQUEST) {
is = connection.getInputStream();
} else {
is = connection.getErrorStream();
}
BufferedReader rd = new BufferedReader(new InputStreamReader(is));
String line;
StringBuffer response = new StringBuffer();
while((line = rd.readLine()) != null) {
response.append(line);
response.append('\r');
}
rd.close();
return response.toString();
} catch (Exception e) {
e.printStackTrace();
return null;
} finally {
if(connection != null) {
connection.disconnect();
}
}
}
public static String computeSignature(String secretKey, String url, String reqData) {
String data = url + reqData;
System.out.println(data);
try {
Mac sha256Hmac = Mac.getInstance("HmacSHA256");
SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256");
sha256Hmac.init(key);
byte[] macData = sha256Hmac.doFinal(data.getBytes("UTF-8"));
String result = "";
for (final byte element : macData){
result += Integer.toString((element & 0xff) + 0x100, 16).substring(1);
}
return result;
} catch (Exception e) {
e.printStackTrace();
return "";
}
}
}
require 'uri'
require 'net/http'
require 'digest/hmac'
require 'json'
class WyreApi
# todo replace these with your real Wyre credentials
ACCOUNT_ID = 'AC-XXXXXXX'
API_KEY = 'AK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA'
SEC_KEY = 'SK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA'
API_URL = 'https://api.sendwyre.com'
# API_URL = 'https://api.testwyre.com' # todo use this for Wyre's testing environment
def create_transfer options
api_post '/v2/transfers', options
end
private
def api_post path, post_data = {}
params = {
'timestamp' => (Time.now.to_i * 1000).to_s
}
url = API_URL + path + '?' + URI.encode_www_form(params)
headers = {
'X-Api-Key' => API_KEY,
'X-Api-Signature' => calc_auth_sig_hash(url + post_data.to_json.to_s)
}
uri = URI API_URL
Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
http.request_post(url, post_data.to_json.to_s, headers) do |res|
response = JSON.parse res.body
raise response['message'] if res.code != '200'
return response
end
end
end
def calc_auth_sig_hash url_body
return Digest::HMAC.hexdigest url_body, SEC_KEY, Digest::SHA256
end
end
api = WyreApi.new
api.create_transfer({'sourceAmount'=>50,'sourceCurrency'=>'USD','dest'=>'account:' + ACCOUNT_ID, 'destCurrency'=>'BTC', 'message'=>'buy some bitcoin')
// This sample assumes use of Express Node.js framework
const axios = require('axios');
const CryptoJS = require('crypto-js');
// Store API keys in your environment configuration.
const YOUR_WYRE_API_KEY = AK-XXXX-XXXX-XXXX;
const YOUR_WYRE_SECRET_KEY = SK-XXXX-XXXX-XXXX;
const productionUrl = "https://api.senwyre.com";
const testUrl = "https://api.testwyre.com"
// Signature Calculation using Crypto-js
const signature = (url, data) => {
const dataToSign = url + data;
const token = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA256(dataToSign.toString(CryptoJS.enc.Utf8), YOUR_WYRE_SECRET_KEY));
return token;
}
/*Wallet Order Quotation POST request:
https://docs.sendwyre.com/docs/wallet-order-quotation
*/
async rateQuote(req, res, next) {
try {
const timestamp = new Date().getTime();
const url = `${testUrl}/v3/orders/quote/partner?timestamp=${timestamp}`;
const headers = {};
const body = {
amount: "100.75",
sourceCurrency: "USD",
destCurrency: "BTC",
dest: "bitcoin:1xxxxxxxxxxxxxxx",
country: "US",
accountId: "AC_xxxxxxxx",
walletType: "DEBIT_CARD"
}
const details = JSON.stringify(body);
headers['Content-Type'] = 'application/json';
headers['X-Api-Key'] = YOUR_WYRE_API_KEY;
headers['X-Api-Signature'] = signature(url, details);
const config = {
method: "POST",
url: url,
headers: headers,
data: details
}
const response = await axios(config);
res.send(response.data);
} catch (error) {
next(error)
}
}
Updated over 2 years ago