Comment on page
URL signature
Generate signatures when passing sensitive data.
If your widget URL contains sensitive information such as receiveWalletAddress, we strongly recommend using the
signature parameter.You can generate a
signature of the URL server-side, which must be appended to the end of the URL. If the signature is provided, we'll check the validity of the query string to make sure it has not been altered.Compute an HMAC with a SHA-256 hash function. Use your signature_secret as the key, and use the original query string as the message.
NOTE: Certain cloud providers and their API gateway may change the order of our parameters resulting in a failed signature validation.
Example with NodeJS
import crypto from 'crypto';
const originalUrl = 'https://onramp.pokoapp.xyz/?apiKey=abc&receiveWalletAddress=0x9D731d97&userId=test_userId';
const signature_secret = 'YOUR_ACCOUNT_signature_secret';
const signature = crypto
.createHmac('sha256', signature_secret)
.update(new URL(originalUrl).search)
.digest('hex');
const urlWithSignature = `${originalUrl}&signature=${signature}`;
Last modified 6mo ago