Koinal Checkout API
Before reaching out to API or form interfaces, merchant should generate an encoded hash and pass it to form or API.
Hash generation and passing to Checkout API
Merchant needs to pass a base64 encoded json message to the form or API which includes merchant_code, customer_reference, timestamp and signature values.
Signature is used in decoded hash and protects the message from changes. Each request is signed by the signature.
Signature is calculated by merchant with secret key value (generated specifically for merchant)and values of the other JSON body parameters with SHA-256 hmac method. Secret is generated by Koinal.
For example, you have following parameters:
Secret: 11qq22ww
JSON body parameters and values: merchant_code: 1000, customer_reference: User1, timestamp: 1000
Then merchant will pass this JSON body:
{
"merchant_code": 1000,
"customer_reference": "User1",
"timestamp": "1000"
}
Merchant will also need to calculate SHA-256 signature of the following string and add it to JSON body:
merchant_code + customer_reference + timestamp + secret
which is (for this example), hmac hash value of 1000User1100011qq22ww with SHA-256 algorithm equals: 6642fb1bf6084d3bfa0deb83f8fe71d1c7a7301195022932a103b1d9731a056b
Then merchant should add this to JSON Body as signature:
{"merchant_code":1000,"customer_reference":"User1","timestamp":"1000","signature":"6642fb1bf6084d3bfa0deb83f8fe71d1c7a7301195022932a103b1d9731a056b"}
The result string of hash after encoding it with base64 will be:
eyJtZXJjaGFudF9jb2RlIjoxMDAwLCJjdXN0b21lcl9yZWZlcmVuY2UiOiJVc2VyMSIsInRpbWVzdGFtcCI6IjEwMDAiLCJzaWduYXR1cmUiOiI2NjQyZmIxYmY2MDg0ZDNiZmEwZGViODNmOGZlNzFkMWM3YTczMDExOTUwMjI5MzJhMTAzYjFkOTczMWEwNTZiIn0=
Merchant need to pass authorization hash with every request to API
Allows merchant to get a quote. cryptocurrency_amount or currency_amount should be passed to calculate a quote.
Request headers
Authorization Hash
Request body
Responses
Body
{
"data": {
"cryptocurrency_amount": 0.10034116,
"cryptocurrency": "BTC",
"currency_amount": 1000,
"currency": "USD",
"token": "83771cad9663db92693bc57579182678"
},
"code": "00",
"message": "APPROVED",
"status": "APPROVED"
}Allows Merchant to create a on order. Merchant should redirect customers to checkout URL returned by this call. Rest of the buying process will be handled on Koinal side.
Request headers
Authorization Hash
Token code from quote request
Request body
Token from get quote request
Wallet address of the customer
Destination tag for XRP addresses
Merchant customer’s ip address
Responses
Body
Checkout url that merchant should redirect
{id}/statusAllows merchant to check order status.
Path variables
Order id
Request headers
Authorization Hash
Responses
Body
Order id
Order status
Total fiat amount of order
Currency code of order
Cryptocurrency amount of order
Cryptocurrency code of order
Transaction id on blockchain
Timestamp of the request
After the transaction is processed, callback in JSON format is sent to callback URL provided by merchant.
Callbacks are always sent:
- when received transaction was completed
Callback signature
Signature is used in callbacks and protects the message from changes. Each callback’s request is signed by the signature, signature of callback is sent in callback header.
Signature is calculated by Koinal from callback secret(generated for merchant) value and JSON body of callback request with SHA-256. Callback secret is also generated by Koinal and received by merchant with merchant code.
For example, you have following parameters:
Callback secret: 11qq22ww
Received callback’s JSON body
Then merchant will need to calculate SHA-256 signature of the following string:
{ “id”: 123, … }11qq22ww
The result string must be equal to string in the header Signature of callback.
Callback requests are sent with the following parameters.
Request headers
Callback signature