Settings
The Settings view allows you to modify the configuration of your Azupay account on your own. Available options include:
- Generate / Regenerate API keys
- IP Whitelisting
- Enable TopUp PayID. Used to top-up your AzupayOut account balance for outbound payments
- Configure webhook events for PaymentRequest
- Enable
Thin Payload
for webhook events
Manage API Keys
The API Keys settings allow you to generate a new set of secret and distributable keys. Click the Generate button to generate them.
You will be presented with confirmation dialog. Click Yes to confirm the generation.
You can choose to generate HMAC keys to write signature headers for your requests.
HMAC adds additional security to your system messages
HMAC Headers provides a way to verify data has not been tampered with in transit, verifies timestamp when it was sent and by whom.
HMAC as an additional security measure
API keys with HMAC enabled will require all API calls to have a valid signature to prevent tampering as a security measure. All API calls without a valid HMAC signature will fail - only enable this if you understand how to provide the HMAC signature.
Once generated, the secret and distributed keys will be displayed. Copy and save it in a secure location as this
is the only time the keys will be displayed. Azupay does not store the API keys for security reason.
Click Close to return to the Settings page and the new key's information will be displayed. This includes:
- API Key ID
- Description
- Key Permissions
- Status
- Key Created
In the Actions column, you can active/disable the keys. Click the switch icon to
active/disable them. Once you click the switch icon the status of the key will change
to ACTIVE/DISABLED.
You can ACTIVATE the DISABLED key by clicking on the action switch icon.
In the Actions column, you can duplicate existing keys. Click the icon to duplicate them.
You will be presented with confirmation dialog. Click Yes to confirm the duplication.
Once duplicated, the key will be displayed. Copy and save it in a secure location as this is the only time the key will be displayed. Azupay does not store the API keys for security reason.
Click Close to return to the Settings page and the new key information will be displayed.
HMAC Keys
Secret API keys can have a companion HMAC key attached to it.
Like the api keys, the HMAC key is only displayed once after the generation.
In the dashboard you can verify which api keys have a HMAC key attached to it.
You can use this HMAC key to sign the payloads on POST and PUT requests made with the companion api key.
Api keys that have a HMAC key attached, will expect a x-hmac-signature
on POST and PUT requests.
Sample code to make signed requests:
const crypto = require("crypto");
const hmacKey = '{{YOUR_HMAC_KEY}}'
const body = `{
"PaymentRequest": {
"clientId": "{{CLIENT_ID}}",
"clientTransactionId": "c0e35aad-c9a8-45e8-be41-30794f138b9c",
"paymentDescription": "Client test transaction",
"paymentAmount": 1000.00
}
}`
const hmac = crypto.createHmac('sha256', hmacKey);
hmac.update(body);
const signature = hmac.digest('hex')
axios.post(`${url}/paymentRequest`, body, {
headers: {
'Authorization': key,
'Content-Type': 'application/json',
'x-hmac-signature': signature
},
});
Requests made using api keys that have a HMAC key attached will fail if:
- The request does not have a
x-hmac-signature
header - The signature and the body do not match (body have been tampered)
- The key used to sign doesn't match the key in the api
Any of these scenarios will return a 403 Forbidden
status code.
IP Whitelisting
This setting will allow you to map certain IP addresses to access Azupay endpoints when using your API keys.
To do this:
- Within the text area, enter one or more IP addresses (each addresss on its own line)
- Then click the Save button
Notes:
- You can enter only up to 10 addresses.
- By default, the IP filter is open to all IP addresses.
Thin Payloads
The aim of this feature is to deliver just the bare minimum needed to identify a change has occurred, without
exposing excessive data.
Thin Payloads are only available for PayTo suite of APIs
This feature is currently only available for the AzupayTo product entities which includes:
- Payment Agreement
- Payment Initiation
- Payment Agreement Amendment
Entity | Fields | Example |
---|---|---|
Payment Agreement |
|
|
Payment Initiation |
|
|
Payment Agreement Amendment |
|
|
Updated 15 days ago