API Authentication

To authenticate requests to the StableMint Payments API, follow these steps:

1. Create a Public RSA Key

  • After receiving your login credentials, visit the StableMint dashboard at: dashboard.stablemint.io

  • Log in and navigate to the Developer Hub section of the dashboard.

  • In the Developer Hub, you will be prompted to input and save your Public RSA Key. This key will be used to verify the authenticity of requests originating from your application.

  • After saving your Public RSA Key, your API credentials (API Key and Secret) will be generated automatically.

2. Integrate Authentication

Required Headers

Every request must include the following headers:

  1. signature: A Base64-encoded RSA signature, created with your Private RSA Key over the SHA256 hash of the string: "<TIMESTAMP>,<API_SECRET>,<UNIQUE_USER_ID>"

  2. timestamp: The current timestamp using Unix Epoch time in milliseconds.

  3. apiKey: The API Key provided by StableMint for authenticating requests.

Example Request Headers

http
signature: <Base64-encoded RSA signature over the SHA256 hash of "<TIMESTAMP>,<API_SECRET>,<UNIQUE_USER_ID>", created with your private key>
timestamp: <current Unix Epoch timestamp in milliseconds>
api_key: <your API Key>

Generating the Signature

  1. String Construction:

    text
    "<TIMESTAMP>,<API_SECRET>,<UNIQUE_USER_ID>"
    • Replace <TIMESTAMP> with the current timestamp using Unix Epoch time in milliseconds.
    • Replace <API_SECRET> with your API Secret provided by StableMint.
    • Replace <UNIQUE_USER_ID> with the unique user identifier from the request payload.
  2. Generate a hash and sign:

    Once the string is composed, it must be hashed using the SHA256 algorithm, which produces a fixed-length digest of the string. This hash is then signed using your Private RSA Key.

    Below is an example function in Node.js that uses the built-in crypto module to generate the SHA256 hash and sign it with your Private RSA Key:

    javascript
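     import crypto from "crypto";
    
     // privateKey: your PEM-encoded Private RSA Key (string, Buffer or KeyObject).
     function generateSignature(userId, apiSecret, privateKey) {
         // Unix Epoch time in milliseconds; send this same value in the timestamp header.
         const timestamp = Date.now();
         const signatureString = `${timestamp},${apiSecret},${userId}`;
    
         // createSign("SHA256") hashes the string with SHA256 and signs the hash.
         const sign = crypto.createSign("SHA256");
         sign.write(signatureString);
         sign.end();
    
         return {
             signature: sign.sign(privateKey, "base64"), // Base64-encoded signature
             timestamp,
         };
     }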
  3. Header Formation:

    Place the Base64-encoded signature in the signature HTTP header as follows:

    http
    signature: <base64_encoded_signature>

Additional Notes

  • Private Key Management: Keep your private key secure. It should never be shared or exposed in any form.
  • UNIQUE_USER_ID Consistency: The UNIQUE_USER_ID used in the signature string must match the userId provided in the request payload to ensure proper authentication and transaction tracking.

3. Request Verification

StableMint will use your Public RSA Key to verify the authenticity of requests sent from your application. This ensures that only authorized requests are processed and maintains the integrity of data.

If signature verification fails, or if any other error occurs during request processing, StableMint will return HTTP status code 401 (Unauthorized).
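
To test your integration locally before calling the API, the sketch below signs the documented string and then checks it with the public key, as a receiver could. It is an added example, not StableMint's code: signRequest, verifyRequest, demo and MAX_SKEW_MS are hypothetical names, the five-minute freshness window is an assumption, and the key pair and secret are constructed for the demo.

```javascript
// Added example: sign as documented, then verify the way a receiver could.
const crypto = require("node:crypto");

// Constructed key pair for the demo; your real private key stays in your own key store.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window, not a documented value

// Client side: same string construction as the documented generateSignature().
function signRequest(userId, apiSecret, key, timestamp = Date.now()) {
  const signer = crypto.createSign("SHA256");
  signer.update(`${timestamp},${apiSecret},${userId}`);
  return { signature: signer.sign(key, "base64"), timestamp };
}

// Receiver side (hypothetical): rebuild the string from the timestamp header,
// the stored API Secret and the payload userId, then check it with the public key.
function verifyRequest({ signature, timestamp }, payloadUserId, apiSecret, pubKey, now = Date.now()) {
  const ts = Number(timestamp);
  if (!Number.isSafeInteger(ts)) return "bad-timestamp";
  if (Math.abs(now - ts) > MAX_SKEW_MS) return "stale";
  const verifier = crypto.createVerify("SHA256");
  verifier.update(`${ts},${apiSecret},${payloadUserId}`);
  return verifier.verify(pubKey, signature, "base64") ? "ok" : "bad-signature";
}

function demo() {
  const secret = "example-secret"; // constructed value
  const now = 1700000000000;       // fixed clock so the results are repeatable
  const headers = signRequest("user-123", secret, privateKey, now);
  return {
    // Headers and payload agree: accepted.
    valid: verifyRequest(headers, "user-123", secret, publicKey, now),
    // Payload userId differs from the signed UNIQUE_USER_ID: rejected.
    wrongUser: verifyRequest(headers, "user-456", secret, publicKey, now),
    // timestamp header differs from the signed value: rejected.
    shiftedTimestamp: verifyRequest({ ...headers, timestamp: now + 1 }, "user-123", secret, publicKey, now),
    // Same headers presented after the assumed window: rejected.
    replayed: verifyRequest(headers, "user-123", secret, publicKey, now + MAX_SKEW_MS + 1),
  };
}

console.log(demo());
```

The wrongUser and shiftedTimestamp cases show why the timestamp header and payload userId must be exactly the values that were signed.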