Create signature secret
Dintero can optionally sign all request it sends to your endpoints.
We do so by including a signature in the request Dintero-Signature
header. This allows you to verify that the request was done by
Dintero, not by a third party.
v0-hmac-sha256
<timestamp>\n<account_id>\n<method>\n<hostname>\n<pathname>\n<query>
secret: 123
timestamp: 1582236537
account_id: P00000000
method: GET
url: https://example.com/callback?B=123&A=992
Dintero-Signature: t=1582236537,
v0-hmac-sha256=6bed2ab1b919d460ef7465a20dc6c97260dca73fab6647106ca525f0908df64a
The timestamp (
t) in the Dintero-Signature, is included in the signature payload to mitigatereplay attach. If your signature is valid but the timestamp is too old, you can have your application reject the request. We recommend that your application have a tolerance of five minutes between the timestamp and the current time.
NOTE: The query parameters must be sorted.
scopes:
- admin:checkout
- write:checkout
Documentation Index
Fetch the complete documentation index at: https://docs.dintero.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
X-API-Key authentication for accessing admin endpoints. Use Create api-key to create a key.
The content of the header should look like the following:
x-api-key: {api_key}