Authentication

Introduction

Access to Fuze API endpoints requires authentication.
The following section describes the authentication process and how to generate the required headers for making API calls.

The following sections assume that you have the API key and secret provided by Fuze.


Request headers

The following headers are required for all the API requests made to Fuze.

X-API-KEY

This is the API key that will be provided to you by Fuze.

Example: MCowBQYDK2VwAyEAsq2cTpSL0NoJXFmiQPGn+XSSya9ylor/dw1gM6xKmEw=

X-TIMESTAMP

This is the current epoch time in seconds (i.e. the number of seconds that have elapsed since 00:00:00 UTC on 1 January 1970, the beginning of the Unix epoch, less adjustments made due to leap seconds).

Example: 1671444764

X-SIGNATURE

This is the HMAC signature generated using the API secret provided to you by Fuze. The process of generating this signature is described in detail below.

Example: f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

Generating request signature

HMAC-SHA256 is a keyed message authentication code built on the SHA-256 hash function; it is used to ensure the integrity and authenticity of a message.
It takes a secret key and a payload as input and produces a fixed-size output, called the signature.

Before making any request to the Fuze endpoints, create a JSON payload with the following fields in the given order.

{
  "body": "<request body as a JSON object>",
  "query": "<query parameters as key-value fields in a JSON object>",
  "url": "<the URL slug for the api endpoint>",
  "ts": "<the value of the X-TIMESTAMP header converted to a string>"
}

Stringify the above JSON payload and use it as input to the HMAC SHA256 signing operation with the API secret provided by Fuze to generate the signature.

Note that the order of fields in the request body must exactly match the order used when generating the signature.

Payload examples

Assume that the endpoint https://staging.api.fuze.finance/api/v1/org/ is being called at the epoch 1671444764.

"GET request without query parameters"
URL:
https://staging.api.fuze.finance/api/v1/org/

Payload:
{
    "body": {},
    "query": {},
    "url": "/api/v1/org/",
    "ts": "1671444764"
}

"GET request with query parameters"
URL:
https://staging.api.fuze.finance/api/v1/org/?key_1=value_1&key_2=value_2

Payload:
{
    "body": {},
    "query": {
       "key_1": "value_1",
       "key_2": "value_2"
    },
    "url": "/api/v1/org/",
    "ts": "1671444764"
}

"POST request with body"
URL:
https://staging.api.fuze.finance/api/v1/org/

Body:
{
    "key_1": "value_1",
    "key_2": "value_2"
}

Payload:
{
    "body": {
        "key_1": "value_1",
        "key_2": "value_2"
    },
    "query": {},
    "url": "/api/v1/org/",
    "ts": "1671444764"
}

"POST request with query parameters and body"
URL:
https://staging.api.fuze.finance/api/v1/org/?key_1=value_1&key_2=value_2

Body:
{
    "key_3": "value_3",
    "key_4": "value_4"
}

Payload:
{
    "body": {
        "key_3": "value_3",
        "key_4": "value_4"
    },
    "query": {
        "key_1": "value_1",
        "key_2": "value_2"
    },
    "url": "/api/v1/org/",
    "ts": "1671444764"
}

Sample code

import axios from "axios";
import { DateTime } from "luxon";
import * as crypto from "node:crypto";

async function main() {
  const API_ENDPOINT = "https://staging.api.fuze.finance";

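  // Use your API key and secret. In real code, load them from the environment
  // or a secret store instead of hard-coding them in source.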
  const API_KEY = "MCowBQYDK2VwAyEA4WzlYqeSEuTIddAOo0VIeaZkjTqp8LUCRZz2qxz7ce4=";
  const API_SECRET = `MC4CAQAwBQYDK2VwBCIEIEWY0tGWVuA8HEaXFjzC/AT7T2YP9bcW/nsDYnGkk9ib`;

  const body = {
    orgUserId: "[email protected]",
    kyc: true,
    tnc: true
  };
  const query = {};
  const slug = `/api/v1/user/`;
  const now = DateTime.utc().toSeconds();
  const ts = String(Math.round(now + 3600));

  // Generate the signature
  const hmac3 = crypto.createHmac("sha256", API_SECRET);
  const payload = {
    body,
    query,
    url: slug,
    ts
  };
  hmac3.update(JSON.stringify(payload));
  const signature = hmac3.digest("hex");

  // Send the request
  const url = `${API_ENDPOINT}${slug}`;
  const headers = {
    "X-API-KEY": API_KEY,
    "X-TIMESTAMP": ts,
    "X-SIGNATURE": signature
  };
  const response = await axios.post(
      url,
      body,
      { headers }
  );

  if (
      response.status !== 200 ||
      response.data?.code !== 200 ||
      response.data?.error
  ) {
    console.error(`Error calling the API`);
    return;
  }

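  // Serialize the response object; interpolating it directly prints "[object Object]"
  console.log(`Success with data: ${JSON.stringify(response.data)}`);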
}

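// axios rejects on network errors and non-2xx responses, so handle the rejection here
main().catch((err) => {
  console.error(`Request failed: ${err.message}`);
  process.exitCode = 1;
});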
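
The payload rules and the four payload examples above, generalized into helpers that derive `url` and `query` from the full request URL and show that key order changes the signature. This is an added example, not Fuze's own code; the function names, the constructed secret and the handling of repeated query keys are assumptions.

```javascript
const crypto = require("node:crypto");

// Constructed secret for this demo only; not a real Fuze credential.
const DEMO_SECRET = "constructed-demo-secret";

// Build the signing payload with keys in the documented order: body, query,
// url, ts. JSON.stringify emits string keys in insertion order, so the order
// written here is the order that gets signed. Caveat: JavaScript always lists
// integer-like keys ("1", "2") first, whatever the insertion order.
function buildPayload(fullUrl, body, tsSeconds) {
  const u = new URL(fullUrl);
  const query = {};
  // Repeated query keys keep only the last value here (an assumption; the
  // page does not say how duplicates are handled).
  for (const [key, value] of u.searchParams) query[key] = value;
  return { body: body ?? {}, query, url: u.pathname, ts: String(tsSeconds) };
}

// HMAC-SHA256 over the stringified payload, hex-encoded for X-SIGNATURE.
function sign(secret, payload) {
  return crypto
    .createHmac("sha256", secret)
    .update(JSON.stringify(payload))
    .digest("hex");
}

// The three headers for one request; X-TIMESTAMP and payload.ts stay in sync
// because both come from the same tsSeconds value.
function signedHeaders(apiKey, secret, fullUrl, body, tsSeconds) {
  const payload = buildPayload(fullUrl, body, tsSeconds);
  return {
    "X-API-KEY": apiKey,
    "X-TIMESTAMP": payload.ts,
    "X-SIGNATURE": sign(secret, payload),
  };
}

// Same body fields in a different key order: a different string is signed,
// so the signature no longer matches.
function orderSensitivityDemo(secret) {
  const url = "https://staging.api.fuze.finance/api/v1/org/";
  const good = buildPayload(url, { key_1: "value_1", key_2: "value_2" }, 1671444764);
  const swapped = { ...good, body: { key_2: "value_2", key_1: "value_1" } };
  return { good: sign(secret, good), swapped: sign(secret, swapped) };
}

console.log(orderSensitivityDemo(DEMO_SECRET));
```

When sending the request, serialize the body from the same object that was passed to `buildPayload` so the transmitted field order is the one that was signed.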