Global Payment
    Global Payment
    • Introduction
    • Signature
    • API Keys
    • Get Started
    • Webhook Service
    • Core Functionality
      • create-developer-user
      • create on-ramp request
      • create off-ramp request
      • create on-ramp whit wusd
      • create-developer-user-with-simple-kyb
    • AppendixDocs
      • Business Industry
      • Supported document
      • Appendix
    • Api Reference
      • Authentication
        • Get Access Token
        • Refresh Access Token
      • User
        • Create User
        • submit Kyb V2
        • User Info
        • Simple Kyb Submit
      • Trade
        • Create Fee Config
        • Update Fee Config
        • Get Fee Config
        • Create Trade Request
        • Confirm Transaction
        • Get Transaction
        • Get Exchange Rate
      • Remit
        • Create Remit
        • Update Remit
        • remit info page
        • Get Remit Info
      • File
        • Upload File
      • Webhook
        • Event Page
        • Simulate a Event Call
    • Schemas
      • Schemas
        • RefundOrderDTO
        • RefundPageReq
        • ApiPageApiPageRefundOrderDTO
        • ApiResponseApiPageRefundOrderDTO
        • CancelReq

    Signature

    1. Request Signature#

    For Open API requests, the signature are mandatory in the HTTP Header for security reason. You can apply to all the API requests as well.
    1.1. Components of signature before hash:
    • HTTP Method: In uppercase.
    • Timestamp: Timestamp number in millis. The request will be failed if the timestamp is before or after 2 minutes.
    • URL: The request URL without scheme and hostname.
    • Querystring: The in-URL parameters without the prefix ?, un-encoded.
    • Request Body: For string-based body, empty if not set. Must exactly same as the actually request body, including the invisible characters.
    1.2. You need to combine these values by sequence, for example:
    1.3. Generate the signature string after you get the string to sign in the 2nd step, then you can generate the signature string by using HMAC-SHA512 method and Base64 encoding with the Sign Key Before Integration.
    1.4. Append signature to HTTP headers beside the Authorization header every request needed, the following headers are also need to add when perform a request:
    • TIMESTAMP: The timestamp value should be same as Timestamp component in signature.
    • SIGNATURE: The signature string generated.

    2.Response Signature#

    The Response Signature follows the same signing rules as the request. The customer is responsible for verifying the signature in the response using the same process.
    Verification Process:
    2.1. The customer will use the same signature components (HTTP method, timestamp, URL, querystring, and response body) to generate the signature string.
    2.2. The signature is verified by comparing the generated signature with the D-SIGNATURE header in the response.
    2.3. If the signatures match, the response is valid. If they do not match, the response should be rejected.

    3.JAVA Signature Example#

    4.JavaScript Signature Example#

    Modified at 2026-01-13 08:17:19
    Previous
    Introduction
    Next
    API Keys
    Built with