
Authentication

API Security Protocol

All API requests must be authenticated with a JWT Token in the request. Your API keys carry many privileges, so be sure to keep them secret!

You authenticate to the Paysprint API by providing your JWT token in the header of each request.

What is JSON Web Token (JWT)?

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within them, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.

What is the JSON Web Token structure?

In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Therefore, a JWT typically looks like the following.

You can find complete reference here

Token Creation using JWT

JWT generation process: All APIs expect a JSON Web Token (JWT) in the header value for Authorization. Refer to https://jwt.io/ to understand JWT better. The JWT signature has to be generated using the partner secret.

Algorithm type - HS256

JWT Payload

    {
      "timestamp": 1541044257000,
      "partnerId": "PROVIDED BY PAYSPRINT",
      "reqid": "122333" //(send a unique integer for each request)
    }

Timestamp is in seconds and it will be valid for <=5 minutes from current time.

AES generation process: All body values must be encrypted using AES-128 with the key and IV provided by the API provider.

Token Creation Sample Codes
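The following is an added example, not Paysprint's own sample code: it builds the HS256 token described above with only the Python standard library and shows the matching receiver-side check (pinned algorithm, constant-time signature comparison, 5-minute freshness window). The function names `make_token` and `check_token` are hypothetical, and the timestamp is taken in seconds as the text states (the sample value on this page has 13 digits, so confirm the unit with the provider).

```python
import base64, hashlib, hmac, json, secrets, time

MAX_AGE_SECONDS = 5 * 60  # page: token is valid for <= 5 minutes


def _b64url(data: bytes) -> str:
    # JWT segments are unpadded base64url (RFC 7515)
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def make_token(partner_id, secret, now=None, reqid=None):
    """Build an HS256 JWT carrying the three claims listed on this page."""
    claims = {
        "timestamp": int(time.time() if now is None else now),  # assumed seconds
        "partnerId": partner_id,
        # unique integer per request; random value generated here as an assumption
        "reqid": str(secrets.randbits(48) if reqid is None else reqid),
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    return signing_input + "." + _b64url(_sign(secret, signing_input))


def check_token(token, secret, now=None):
    """Return the claims if the token is authentic and fresh, else None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        if json.loads(_b64url_decode(head_b64)).get("alg") != "HS256":
            return None  # algorithm is pinned, never taken from the token
        expected = _sign(secret, head_b64 + "." + body_b64)
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
        age = (time.time() if now is None else now) - claims["timestamp"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return claims if 0 <= age <= MAX_AGE_SECONDS else None
```

Load the partner secret from a secrets store or environment variable rather than source code, and generate a fresh token (new `timestamp` and `reqid`) for every request.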



IP ADDRESS RESTRICTION

We only whitelist Indian IP addresses, and the server must be located in India.

Authorisedkey

The Authorised key must be passed in UAT but not in the Live environment, if the partner is not using a shared IP.

Updated about 2 years ago