Authenticate with Api-secret keys

Good to know: A quick start guide can be good to help folks get up and running with your API in a few steps. Some people prefer diving in with the basics rather than meticulously reading every page of documentation!

Request API and Secret Keys

At present, you have the opportunity to request API and secret keys for accessing our API. These keys are displayed only once and cannot be retrieved again. The API key serves as your unique identifier, while the secret key is utilized to generate an HMAC for each timestamp, ensuring the security of your information.

Generating an HMAC Key using secret key and timestamp

You have the capability to create a fresh HMAC key by combining your secret key with the request's timestamp. This HMAC key remains valid for a duration of 5 minutes. Post this period, you can conveniently generate a new one by employing the script provided below.

curl -X POST "lenme_server_endpoint" \
     -H "accept: application/json" \
     -H "X-API-KEY: your-api-key-here" \
     -H "X-Timestamp: current-timestamp" \
     -H "X-HMAC: generated-signature" \

import hmac
import hashlib
import time

def generate_client_hmac(secret_key):
    timestamp = str(int(time.time()))

    message = f"{timestamp}:{secret_key}"

    hmac_signature = hmac.new(secret_key.encode(), message.encode(), hashlib.sha256).hexdigest()

    return hmac_signature, timestamp

secret_key = "your_secret_key"

hmac_signature, timestamp = generate_client_hmac(secret_key)
print("HMAC Signature:", hmac_signature)
print("Timestamp:", timestamp)

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.time.Instant;

public class Main {
    public static String generateClientHmac(String secretKey) throws Exception {
        String timestamp = String.valueOf(Instant.now().getEpochSecond());
        String message = timestamp + ":" + secretKey;

        Mac hmac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        hmac.init(secretKeySpec);

        byte[] hash = hmac.doFinal(message.getBytes(StandardCharsets.UTF_8));
        return String.format("%064x", new BigInteger(1, hash)) + "," + timestamp;
    }

    public static void main(String[] args) throws Exception {
        String secretKey = "your_secret_key";
        String[] result = generateClientHmac(secretKey).split(",");
        System.out.println("HMAC Signature: " + result[0]);
        System.out.println("Timestamp: " + result[1]);
    }
}

require 'openssl'
require 'time'

def generate_client_hmac(secret_key)
  timestamp = Time.now.to_i.to_s
  message = "#{timestamp}:#{secret_key}"

  hmac = OpenSSL::HMAC.hexdigest('sha256', secret_key, message)
  return hmac, timestamp
end

secret_key = "your_secret_key"
hmac_signature, timestamp = generate_client_hmac(secret_key)
puts "HMAC Signature: #{hmac_signature}"
puts "Timestamp: #{timestamp}"

const crypto = require('crypto');

function generateClientHmac(secretKey) {
    const timestamp = Math.floor(Date.now() / 1000).toString();
    const message = `${timestamp}:${secretKey}`;

    const hmac = crypto.createHmac('sha256', secretKey).update(message).digest('hex');
    return [hmac, timestamp];
}

const secretKey = "your_secret_key";
const [hmacSignature, timestamp] = generateClientHmac(secretKey);
console.log("HMAC Signature:", hmacSignature);
console.log("Timestamp:", timestamp);

<?php
function generateClientHmac($secretKey) {
    $timestamp = time();
    $message = $timestamp . ':' . $secretKey;

    $hmacSignature = hash_hmac('sha256', $message, $secretKey);
    return array($hmacSignature, $timestamp);
}

$secretKey = "your_secret_key";
list($hmacSignature, $timestamp) = generateClientHmac($secretKey);
echo "HMAC Signature: " . $hmacSignature . "\n";
echo "Timestamp: " . $timestamp . "\n";
?>

Upon generating the HMAC key, you will also receive the current timestamp. These two pieces of information are crucial for the authentication of each request you make. In the subsequent step, you will utilize these values.

Remember

It's important to note that the HMAC key has a validity period of only five minutes. Once this time has elapsed, the key becomes invalid, necessitating the generation of a new HMAC key for continued access.

Making A Request

All REST requests must contain the following headers:

X-API-KEY Your API key identifier
X-Timestamp Timestamp for your request (generated in the above script)
X-HMAC Messgae Signature of your secret key

All request bodies should have content type application/json and be valid JSON.

Error Handling

Errors can occur due to various reasons such as invalid requests for invalid API-key, time stamp of the request out of range, invalid HMAC or internal server issues. Each error response will include a JSON body with a clear detail to help you understand what went wrong.

Example Error Response:

{
  "detail": "Timestamp out of range"
}

Common Error Codes

Authentication credentials were not provided - The request is missing a required parameter or is malformed.
Invalid HMAC - The HMAC has been expired or
Invalid API Key - The API-Key is not found or maybe revoked.

Sample Request

Once you have authenticated, you can start using our APIs. Please, refer to API reference for an example that shows you steps to fund loans.

Conclusion

In conclusion, by adhering to our established protocols for authentication and error handling, you can ensure a strong and secure integration with our API. This approach not only fortifies your application's security but also enhances the user experience. Stay updated with our changelog for the latest updates and features we introduce.

PreviousWelcome!NextLenme Webhooks

Last updated 1 year ago

Sign In With Lenme API And Secret Keys Authentication