API Authorization

Request authorization

API authorization is performed by sending an API key in the X-API-KEY header.

All requests must also include the header Content-Type: application/x-www-form-urlencoded.

Example:

curl -X 'GET' \
  'https://sandbox-live-tunell-gateway.ecng.digital/time' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'X-API-KEY: 3c72917fgh8x9c75950b50d3ade9f74eabec6786a2c2da0bcb924e2febcd9b1'

Request signing

As an additional security layer, all POST requests should be signed by adding an X-API-SIGNATURE header.

The value of X-API-SIGNATURE is the POST body signed with the API Secret key using HMAC-SHA512.

The API Secret is displayed only once, when re-generating the API key in the Settings->Integration->Tunell Gateway token section (Business Dashboard).

You can validate your X-API-SIGNATURE generation logic by comparing its result with the provided example.

Example:


API Secret: A1b2C3d4E5f6
POST /addresses
Request body in application/x-www-form-urlencoded format: currency=ETH&referenceId=TEST_1
curl -X 'POST' \
  'https://sandbox-live-tunell-gateway.ecng.digital/addresses' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'X-API-KEY: 3c72917fgh8x9c75950b50d3ade9f74eabec6786a2c2da0bcb924e2febcd9b1' \
  -H 'X-API-SIGNATURE: 8aa471487154396c0aa91180392e2f7b286a5da65494b25abfe7bf17cf92519a447aecd2c2cdeaf5984e37c0405b0de81079cf6fdae8f78ca24c66194427ce1e' \
  --data 'currency=ETH&referenceId=TEST_1'
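
The signing step described above, as an added Python example that is not part of the original documentation: it serializes the form body once, signs those exact bytes with HMAC-SHA512, and shows a constant-time check a receiver could use. The function names, the UTF-8 encoding of the secret and the lowercase hex output are assumptions (the hex form is inferred from the 128-character example value).

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Values copied from the page's signing example.
DOC_SECRET = "A1b2C3d4E5f6"
DOC_BODY = "currency=ETH&referenceId=TEST_1"
DOC_SIGNATURE = "8aa471487154396c0aa91180392e2f7b286a5da65494b25abfe7bf17cf92519a447aecd2c2cdeaf5984e37c0405b0de81079cf6fdae8f78ca24c66194427ce1e"


def sign_body(secret, body):
    """HMAC-SHA512 over the raw body bytes, keyed with the API Secret.

    Assumptions: the secret is used as UTF-8 bytes, output is lowercase hex.
    """
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha512).hexdigest()


def build_signed_post(api_key, secret, params):
    """Serialize the form once, sign those exact bytes, return (headers, body)."""
    body = urlencode(params).encode("utf-8")
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "X-API-KEY": api_key,
        "X-API-SIGNATURE": sign_body(secret, body),
    }
    return headers, body


def signature_matches(secret, body, presented):
    """Receiver-side check; compare_digest avoids a timing side channel."""
    expected = sign_body(secret, body).encode("ascii")
    return hmac.compare_digest(expected, presented.strip().lower().encode("utf-8"))


if __name__ == "__main__":
    # "<API_KEY>" is a placeholder; the parameters are the page's example body.
    headers, body = build_signed_post(
        "<API_KEY>", DOC_SECRET, {"currency": "ETH", "referenceId": "TEST_1"}
    )
    print("body:     ", body.decode())
    print("signature:", headers["X-API-SIGNATURE"])
    # The comparison the page suggests, under the encoding assumptions above.
    print("equals page example:", signature_matches(DOC_SECRET, body, DOC_SIGNATURE))
    # Same parameters in a different order are different bytes, so the check fails.
    reordered = b"referenceId=TEST_1&currency=ETH"
    print("reordered body accepted:",
          signature_matches(DOC_SECRET, reordered, headers["X-API-SIGNATURE"]))
```

Send the returned body bytes unchanged: re-encoding or reordering the parameters after signing produces a different signature.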
