Documentation
Integration Guide
Integration

Integration Guide

1. Setup

2. Making Requests

For more detailed information, visit the API Reference (Swagger) (opens in a new tab) directly.

Base URL

https://api.paydefi.io/

Authentication

To use the PayDeFi API, you must obtain an API key by signing up on the PayDeFi (opens in a new tab) website. Include this API key in the Authorization header of your requests.

Paydefi-Api-Key: YOUR_ACCESS_TOKEN

Webhook Payload Verification

Every payment status update request includes a Paydefi-Signature header. This header contains the SHA256 HMAC signature of the raw request payload, computed using your webhook secret as the key.

Paydefi-Signature: COMPUTED_SIGNATURE

Verify HMAC Signature

To verify the signature you have to:

  • Get your secret key by visiting Webhook settings page (opens in a new tab).
  • Get signature from Paydefi-Signature header.
  • Get the payload. It should be the raw body of the HTTP request, formatted as a JSON string. Any change in the payload could invalidate the signature, so it must be captured exactly as it arrives.

Implementation Example

const crypto = require("node:crypto");
 
verifySignature(signature, payload, secret) {
 
  // Create a new HMAC object using the secret key and the SHA256 hash algorithm
  const hmac = crypto.createHmac("sha256", secret).update(payload);
 
  // Generate the hexadecimal HMAC signature
  const computedSignature = hmac.digest("hex");
 
  // Compare the computed signature with the given signature
  return computedSignature === signature;
}
 
// Example values
const signature = "received_signature" // Replace "received_signature" with the signature you get from Paydefi-Signature header.
const payload = '{"orderId":"123","status":"ACCEPTED","paymentId":"234"}' // Example payload. Ensure it is raw as received.
const secret = "your_webhook_secret" // Replace "your_webhook_secret" with secret you received from https://paydefi.io/settings/webhooks.
 
const isValid = verifySignature(signature, payload, secret);
console.log("Signature is valid: ", isValid);