SHA256 Authentication

Authentication for iyzico services enhances security through a precise sequence of Base64 encoding and HmacSHA256 hashing. SHA256 Authentication is achieved by including an API key, a randomKey and encryptedData (computed with HmacSHA256) together in the header of your HTTP requests.

To access our API securely, authentication is required. Authentication is achieved through the inclusion of an API Key and randomKey together in the header of your HTTP requests.

"Authorization": "IYZWSv2"+" "+"base64EncodedAuthorization"

Overview

Here's a breakdown of the required components:

  • apiKey : Your unique API key assigned to your account

  • random-key-123 : A randomly generated number included in the request header for each API call

  • secretKey : Your secret key associated with your account.

  • base64EncodedAuthorization : Encoded version of the request payload parameters.

Authentication itself is done in one step, yet there are several steps to generate an authorization string:

  1. dataToEncrypt

  2. encryptedData

  3. authorizationString

dataToEncrypt

dataToEncrypt represents your payload combined with the generated randomKey. Before this step, your payload goes through several actions, i.e. combining your data with your URL path.

encryptedData

In this step you hash the dataToEncrypt from the previous step. Assuming that you have created a sandbox account, which gives you a unique secretKey, the secretKey is used to generate the HMAC hash of dataToEncrypt, which is then included in the authorization string to ensure the integrity and authenticity of the request being made.

The signature is generated using the following formula:

HmacSHA256(dataToEncrypt, secretKey)

The result is your signature which you will be using for generating authorizationString.

authorizationString

By combining your unique apiKey with the randomKey and the encryptedData generated in the previous step, we can now generate the authorizationString.

The authorizationString is generated using the following formula:

authorizationString = "apiKey:" + apiKey
            +"&randomKey:" + randomKey
            +"&signature:" + encryptedData;

After the authorizationString is generated, we have to encode it using Base64. This gives us the base64EncodedAuthorization variable.

The value to return is then simply:

"IYZWSv2 " + base64EncodedAuthorization

Note that there is a single space between IYZWSv2 and base64EncodedAuthorization.
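The steps above, put together as an added Python example (not iyzico's own code), with a hypothetical receiver-side check that shows how the HMAC binds the header to the URL path and payload. The concatenation order inside dataToEncrypt (randomKey + URL path + request body), the hex encoding of the signature, and the sample key, path and body values are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import secrets

SCHEME = "IYZWSv2"

def sign(data_to_encrypt, secret_key):
    # HmacSHA256(dataToEncrypt, secretKey); hex-encoding the digest is an assumption.
    return hmac.new(secret_key.encode(), data_to_encrypt.encode(), hashlib.sha256).hexdigest()

def build_authorization(api_key, secret_key, uri_path, body, random_key=None):
    random_key = random_key or secrets.token_hex(16)  # fresh per request
    # Assumed order: randomKey + URL path + request body.
    encrypted_data = sign(random_key + uri_path + body, secret_key)
    authorization_string = ("apiKey:" + api_key + "&randomKey:" + random_key
                            + "&signature:" + encrypted_data)
    return SCHEME + " " + base64.b64encode(authorization_string.encode()).decode()

def verify_authorization(header, secrets_by_api_key, uri_path, body):
    # Hypothetical receiver-side check: recompute the HMAC over what was received.
    scheme, _, encoded = header.partition(" ")
    if scheme != SCHEME:
        return False
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
        fields = dict(part.split(":", 1) for part in decoded.split("&"))
        secret_key = secrets_by_api_key[fields["apiKey"]]
        expected = sign(fields["randomKey"] + uri_path + body, secret_key)
        # Constant-time comparison avoids leaking how many characters matched.
        return hmac.compare_digest(expected.encode(), fields["signature"].encode())
    except (ValueError, KeyError):
        return False

if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real endpoint.
    keys = {"sandbox-api-key": "sandbox-secret-key"}
    path, body = "/example/path", '{"price":"1.0"}'
    header = build_authorization("sandbox-api-key", keys["sandbox-api-key"], path, body)
    print(header)
    print("valid:", verify_authorization(header, keys, path, body))
    print("tampered body:", verify_authorization(header, keys, path, '{"price":"0.1"}'))
```

Sign the exact string that is sent as the request body; re-serializing the payload after signing changes the bytes and the signature no longer matches.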
