HMAC Signatures
To ensure authenticity and data integrity, Fundiin requires platform requests and callbacks to be signed. This signature is based on a Hash-based Message Authentication Code (HMAC) calculated using request body and a secret key, which is known only to you and Fundiin.
Request Signing
Before sending a request to Fundiin, you need to calculate the signature and include it as a header in the request. When Fundiin receives the request, it will also calculate the signature using the request body and the secret key stored on the Fundiin side. By verifying that both signatures are equal, Fundiin can ensure that the request is authentic and hasn't been tampered with during transmission.
Callback Validation
You can also validate callbacks received from Fundiin by calculating the corresponding signature and comparing it with the signature included in the callback. This process allows you to confirm that the callback was sent by Fundiin and hasn't been modified during transmission.
Signature Generator
Use this tool to generate a Fundiin HMAC SHA-256 signature from a raw request body for merchant APIs or lender webhooks.
Generate HMAC SHA-256 signature
Paste the raw request body exactly as it will be sent. Fundiin signs the raw text, so whitespace and field order matter.
e13b8e7a619dc37b065714a69fe46157da30e9d67d7db51f86114f84ad6067e8Create Signature
Fundiin is using HMAC SHA-256 algorithm to generate signature
signature = HMAC(algorihtm, secretKey, body)
With:
- algorithm: Refers to the security method registered by the partner with Fundiin. The default algorithm used is
HMAC SHA-256. - secretKey: The secret key provided by Fundiin during the registration process.
- body: The data used for HMAC calculation.
Please make sure to implement this signature generation process correctly to ensure secure and authenticated communication with the Fundiin API.
The HMAC SHA-256 signature is generated using the provided secret key and request body, and then encoded in hexadecimal format.
How to generate HMAC SHA-256 signatures for common languages are mentioned below:
- Java
- Node
- .NET
- PHP
- PYTHON
- GO
- RUBY
- PERL
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
public class SignatureGenerator {
public static String generateHmacSHA256Signature(String secretKey, String data) {
try {
Mac hmacSHA256 = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256");
hmacSHA256.init(secretKeySpec);
byte[] hash = hmacSHA256.doFinal(data.getBytes());
StringBuilder result = new StringBuilder();
for (byte b : hash) {
result.append(String.format("%02x", b));
}
return result.toString();
} catch (NoSuchAlgorithmException | InvalidKeyException e) {
e.printStackTrace();
return null;
}
}
}
const crypto = require('crypto');
function generateHmacSHA256Signature(secretKey, data) {
const hmac = crypto.createHmac('sha256', secretKey);
hmac.update(data);
return hmac.digest('hex');
}
using System;
using System.Security.Cryptography;
using System.Text;
public class SignatureGenerator
{
public static string GenerateHmacSHA256Signature(string secretKey, string data)
{
byte[] keyBytes = Encoding.UTF8.GetBytes(secretKey);
byte[] dataBytes = Encoding.UTF8.GetBytes(data);
using (var hmacSHA256 = new HMACSHA256(keyBytes))
{
byte[] hashBytes = hmacSHA256.ComputeHash(dataBytes);
StringBuilder result = new StringBuilder();
foreach (byte b in hashBytes)
{
result.Append(b.ToString("x2"));
}
return result.ToString();
}
}
}
function generateHmacSHA256Signature($secretKey, $data)
{
$hash = hash_hmac('sha256', $data, $secretKey, true);
return bin2hex($hash);
}
import hashlib
import hmac
def generate_hmac_sha256_signature(secret_key, data):
message = data.encode('utf-8')
secret = secret_key.encode('utf-8')
signature = hmac.new(secret, message, hashlib.sha256)
return signature.hexdigest()
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt"
)
func generateHmacSHA256Signature(secretKey, data string) string {
key := []byte(secretKey)
message := []byte(data)
hmacSHA256 := hmac.New(sha256.New, key)
hmacSHA256.Write(message)
hash := hmacSHA256.Sum(nil)
return hex.EncodeToString(hash)
}
require 'openssl'
def generate_hmac_sha256_signature(secret_key, data)
hmac = OpenSSL::HMAC.hexdigest('sha256', secret_key, data)
end
use Digest::SHA qw(hmac_sha256_hex);
sub generate_hmac_sha256_signature {
my ($secret_key, $data) = @_;
my $signature = hmac_sha256_hex($data, $secret_key);
return $signature;
}