requst security headers, request security

NOTE:

Read this chapter if you're going to use REST API. If you're going to use SDK library, you may keep going to next artticle.

Navigation:

Security Headers

Each request to MoneyMade Connect User API should contain following protection headers:

  • x-mm-api-key- the API key you received from our developers

  • x-mm-request-timestamp - current time as timestamp (in milliseconds). E.g. for date '2022-04-28T11:02:12.876Z' it equals to 1651143732876

  • x-mm-request-signature - request signature.

Request Signature

To sign a request you need following parameters:

Parameter

Description

Example

request timestamp

Request timestamp you set into x-mm-request-timestamp header.
It's used as typical nonce.
It should be timestamp with milliseconds.

1651143732876

secret key

The secret key you received from MoneyMade team.

SECRET_KEY_VALUE

request body

The request body JSON string encoded as base64.

{"client_user_id":"my-internal-id"}

request url

Full request url.

https://connect-account-api.moneymade.io

Signature Generation Algorithm:

  1. Concat timestamp + request url+ request body
  2. Create sha256 HMAC (use secret key as encryption key)
  3. Transform it to HEX digest
import * as crypto from 'crypto';

export interface SignatureComponents {
  secretKey: string;
  body: any;
  requestUrl: string;
  timestamp: number;
}

export const makeSign = (params: SignatureComponents) => {
  const { requestUrl, timestamp } = params;
  const bodyPayload = params.body ? JSON.stringify(params.body) : '';
  const hmacBody = timestamp + requestUrl + bodyPayload;
 
  return crypto
    .createHmac('sha256', params.secretKey)
    .update(Buffer.from(hmacBody))
    .digest('hex');
}
const crypto = require('crypto');


export const makeSign = (params) => {
  const { requestUrl, timestamp } = params;
  const bodyPayload = params.body ? JSON.stringify(params.body) : '';
  const hmacBody = timestamp + requestUrl + bodyPayload;
 
  return crypto
    .createHmac('sha256', params.secretKey)
    .update(Buffer.from(hmacBody))
    .digest('hex');
}