Integration Guide
1. Setup
-
Register account https://paydefi.io/auth/register/ (opens in a new tab)
-
Set wallet address in settings section
-
Obtain API credentials.
-
Add webhook endpoint to receive notifications about payment status change
2. Making Requests
For more detailed information, visit the API Reference (Swagger) (opens in a new tab) directly.
Base URL
https://api.paydefi.io/
Authentication
To use the PayDeFi API, you must obtain an API key by signing up on the PayDeFi (opens in a new tab) website. Include this API key in the Authorization header of your requests.
Paydefi-Api-Key: YOUR_ACCESS_TOKEN
Webhook Payload Verification
Every payment status update request includes a Paydefi-Signature
header. This header contains the SHA256 HMAC signature of the raw request payload, computed using your webhook secret as the key.
Paydefi-Signature: COMPUTED_SIGNATURE
Verify HMAC Signature
To verify the signature you have to:
- Get your secret key by visiting Webhook settings page (opens in a new tab).
- Get signature from
Paydefi-Signature
header. - Get the payload. It should be the raw body of the HTTP request, formatted as a JSON string. Any change in the payload could invalidate the signature, so it must be captured exactly as it arrives.
Implementation Example
const crypto = require("node:crypto");
verifySignature(signature, payload, secret) {
// Create a new HMAC object using the secret key and the SHA256 hash algorithm
const hmac = crypto.createHmac("sha256", secret).update(payload);
// Generate the hexadecimal HMAC signature
const computedSignature = hmac.digest("hex");
// Compare the computed signature with the given signature
return computedSignature === signature;
}
// Example values
const signature = "received_signature" // Replace "received_signature" with the signature you get from Paydefi-Signature header.
const payload = '{"orderId":"123","status":"ACCEPTED","paymentId":"234"}' // Example payload. Ensure it is raw as received.
const secret = "your_webhook_secret" // Replace "your_webhook_secret" with secret you received from https://paydefi.io/settings/webhooks.
const isValid = verifySignature(signature, payload, secret);
console.log("Signature is valid: ", isValid);