Skip to main content

B2B Identification

Once you have your api-key and api-secret, you are ready to start using Binco's endpoints. For each request, it is necessary to add two specific headers: api-key and signature. Next, we will see how to complete each of them.

Using the Api Key

The api-key obtained during the creation of the company should be included in the header named api-key. Simply include the value of your api key in this header as the first step to ensure proper identification during each request.

Generating and using Signature

The second step is generating the signature for your request. To do this, you must encrypt the body of your request using the HMAC SHA-256 hash algorithm along with your api-secret.

Once obtained, you must send this value in a new header called signature.

For example, if your api-secret is: 17eb7830-53aa-48ab-ae78-8126ab3efcc5

and you wish to consume the POST /payer endpoint to create a new payer, sending the following body:

{
  "firstName": "Bruce",
  "lastName": "Wayne",
  "documentType": "PASSPORT",
  "document": "123456789",
  "email": "bwaine@wayneenterprises.com",
  "deviceFingerprint": "sfsdfssdf-sdasdas-sdf-sdf234-fsdf-sdsdf",
  "address": {
    "countryId": "f0894f50-1b54-424f-9cb6-50f7daafbc37",
    "state": "New Jersey",
    "city": "Gotham City",
    "street": "Mountain Drive",
    "doorNumber": "1007",
    "apartmentNumber": "",
    "zipCode": "07095"
  },
  "country": "URY"
}

you can do the following:

const jsonBody = JSON.parse(pm.request.body.raw);
const apiSecret = '17eb7830-53aa-48ab-ae78-8126ab3efcc5';
const hmac = CryptoJS.HmacSHA256(JSON.stringify(jsonBody), apiSecret).toString(CryptoJS.enc.Hex);
pm.request.headers.add({ key: 'signature', value: hmac });

In this way, we will obtain the value to incorporate into the header signature. It's important to note that, for GET endpoints, it is required to encrypt an empty body:

const jsonBody = JSON.parse({});

This specific protocol reinforces the integrity and authenticity of your requests, adding an additional layer of security to the interaction with Binco's endpoints.

With the incorporation of the newly introduced headers api-key and signature, ensuring that they contain the correct values, your system is now fully equipped to make the most of Binco's endpoints. These headers not only provide the necessary secure identification but also ensure the authenticity and integrity of your requests.