ZedPay

Signing requests

All API requests must be cryptographically signed to ensure
integrity and authenticity.
Request signing prevents tampering and guarantees that the request was
generated by an authorized client.

Step 1. Obtain an Access Token

Authenticate using your API Key and API Secret.
POST /auth/token
Example:
curl -X POST {authentication_base_url}/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "token": "zed_live_xxxxx:475c593cd9f373xxxxx",
    "audience": "ZEDTECH_PAYMENTS"
  }'
Response:
{ "access_token": "eyJhbGciOiJSUzI1NiIs...", "expires_in": 3600 }
The access token contains a signing_key which will be used to sign
requests.

Step 2. Prepare the Request Payload

Example request body:
{ "amount": 10000, "reference": "txn_12345" }

Step 3. Compute the Payload Hash

Hash the exact request body using SHA256.
payload_hash = SHA256(request_body)

Step 4. Build the Canonical String

Combine the timestamp and payload hash.
canonical = timestamp + "." + payload_hash
Example:
1710000000.5f16f9d5b2f...

Step 5. Generate the Signature

Sign the canonical string using the signing_key from the access token.
signature = HMAC_SHA256(signing_key, canonical)

Step 6. Send the Request

Include the following headers:
Authorization: Bearer access_token
Timestamp: Unix timestamp
Signature: HMAC signature
Example:
curl -X POST {payments_base_url}/deposit \
  -H "Authorization: Bearer ACCESS_TOKEN" \
  -H "Timestamp: 1710000000" \
  -H "Signature: abc123signature" \
  -H "Content-Type: application/json" \
  -d '{"amount":10000,"reference":"txn_12345"}'

Node.js Example
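
Steps 2 to 6 as a Node.js client, added here as an example; it is not ZedPay's own sample code. It assumes the access token is a JWT carrying signing_key as a payload claim, that the payload hash and signature are hex-encoded, and that the key is used as UTF-8 text; makeSampleToken is a hypothetical helper that builds a constructed token so the code runs offline.

```javascript
// Added example: client-side request signing per Steps 2-6 (not ZedPay's own code).
const { createHash, createHmac } = require("node:crypto");

// ASSUMPTION: the access token is a JWT and signing_key is a claim in its
// base64url-encoded payload segment; the page only says the token "contains" it.
function extractSigningKey(accessToken) {
  const parts = accessToken.split(".");
  if (parts.length !== 3) throw new Error("access token is not a three-part JWT");
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (typeof claims.signing_key !== "string" || claims.signing_key === "") {
    throw new Error("signing_key claim missing from access token");
  }
  return claims.signing_key;
}

// Steps 3-5. rawBody must be the exact string that goes on the wire.
// ASSUMPTION: hash and signature are lowercase hex; the key is used as UTF-8 text.
function signBody(signingKey, rawBody, timestamp) {
  const payloadHash = createHash("sha256").update(rawBody, "utf8").digest("hex");
  const canonical = `${timestamp}.${payloadHash}`;
  return createHmac("sha256", signingKey).update(canonical).digest("hex");
}

// Step 6. Serialise once, sign that string, and send that same string as the body.
function buildSignedRequest(accessToken, payload, now = Date.now()) {
  const rawBody = JSON.stringify(payload);
  const timestamp = String(Math.floor(now / 1000)); // Unix time in seconds
  const signature = signBody(extractSigningKey(accessToken), rawBody, timestamp);
  return {
    body: rawBody,
    headers: {
      Authorization: `Bearer ${accessToken}`,
      Timestamp: timestamp,
      Signature: signature,
      "Content-Type": "application/json",
    },
  };
}

// Constructed token for offline use: header and signature segments are dummies.
function makeSampleToken(signingKey) {
  const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${seg({ alg: "RS256" })}.${seg({ signing_key: signingKey })}.sig`;
}
```

Pass the returned body string to the HTTP client unchanged; handing it the original object lets the client re-serialise the JSON, and the bytes sent may then differ from the bytes signed.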


Notes

The request body must be signed exactly as sent.
Any modification to the body will invalidate the signature.
The Timestamp should be the current Unix time.

Common Errors

invalid_signature
The signature in the request does not match the signature computed by the server.
missing_signature
The request was sent without the required Signature or Timestamp
headers.