Pokoapp.xyz
  • Overview
    • 🛠️What we do
    • 😎Our vision
    • 📌Key products
    • 🤖Getting help & support
    • 👋Meet our team
  • Onramp Aggregator
    • What is Onramp Aggregator
    • Getting Started
    • Why use Onramp Aggregator
    • Onramp Aggregator dashboard
    • SDK integration & documentation
      • Web integration
        • Parameters
        • Redirect integration
        • Iframe integration
        • Customized integration
        • Theme customization
        • Quote API
        • URL signature
      • Mobile integration
        • Android native
        • Poko SDK for React Native
      • Dashboard API
      • Check availability of pairs API
      • Deployment examples
      • Support for integration
    • Dashboard
    • Testing guideline
    • Token coverage
    • Country & payment method coverage
    • Pricing
    • FAQs
  • Direct Checkout
    • What is Direct Checkout
    • Why use Direct Checkout
    • Integration
      • NFT Checkout & Defi
      • Wallet
        • Whitelist Endpoints
      • Setup Widget
      • Off-chain integration
    • Dashboard
    • Testing guideline
    • Country & payment method coverage
    • Pricing
    • KYC
  • Coverage
    • 🖇️Token coverage
    • 🌎Country & payment method coverage
    • 📋Request token & country coverage
  • Other resources
    • Readings about payments
Powered by GitBook
On this page
  1. Onramp Aggregator
  2. SDK integration & documentation
  3. Web integration

URL signature

Generate signatures when passing sensitive data.

If your widget URL contains sensitive information such as receiveWalletAddress, we strongly recommend using the signature parameter.

You can generate a signature of the URL server-side, which must be appended to the end of the URL. If the signature is provided, we'll check the validity of the query string to make sure it has not been altered.

How to generate signatures

Compute an HMAC with a SHA-256 hash function. Use your signature_secret as the key, and use the original query string as the message.

NOTE: Certain cloud providers and their API gateway may change the order of our parameters resulting in a failed signature validation.

Example with NodeJS

import crypto from 'crypto';

const originalUrl = 'https://onramp.pokoapp.xyz/?apiKey=abc&receiveWalletAddress=0x9D731d97&userId=test_userId';
const signature_secret = 'YOUR_ACCOUNT_signature_secret';

const signature = crypto
    .createHmac('sha256', signature_secret)
    .update(new URL(originalUrl).search)
    .digest('hex');

const urlWithSignature = `${originalUrl}&signature=${signature}`;

PreviousQuote APINextMobile integration

Last updated 2 years ago