SHA256 Authentication
Authentication for iyzico services enhances security through a precise sequence of encryption techniques, including Base64, and HmacSHA256 hashing. To access our API securely, authentication is required. SHA256 Authentication is achieved through the inclusion of an API Key
,randomKey
and encryptedData(Encrypted with HmacSHA256)
( together in the header of your HTTP requests.)
To access our API securely, authentication is required. Authentication is achieved through the inclusion of an API Key
and randomKey
together in the header of your HTTP requests.
"Authorization": "IYZWSv2"+" "+"base64EncodedAuthorization”
Overview
Here's a breakdown of the required components:
apiKey : Your unique API key assigned to your account
random-key-123 : A randomly generated number included in the request header for each API call
secretKey : Your secret key associated with your account.
base64EncodedAuthorization : Encoded version of the request payload parameters.
Authentication is done simply in one step. Yet three is four steps for generate an Autherization String.
dataToEncrypt
encryptedData
authorizationString
dataToEncrypt
dataToEncrypt represents your payload combined with generated randomKey. Before this step, there is several actions your payload took. I.e combining your data with your URL paths.
encryptedData
In this step you cypher the dataToEncrypt you had in the step before. Assuming that you created a sandbox account which gives you unique secretKey, secretKey
is used to generate the HMAC hash of dataToEncrypt
, which is then included in the authorization string to ensure the integrity and authenticity of the request being made.
The signature is generated using the following formula, relatively;
HmacSHA256(dataToEncrypt, secretKey)
The result is your signature which you will be using for generating authorizationString.
authorizationString
By combining unique apiKey you have with randomKey and encryptedData we generated in the step before, we can now generate an authorizationString.
The authorizationString
is generated using the following formula, relatively;
After authorizationString is generated, now we have to encode our generated string by using base64. This will give us base64EncodedAuthorization
variable.
Then for return operation, there is simply;
Note that there is single line space between IYZWSv2
and base64EncodedAuthorization
Last updated