Signature Generation
Before submitting a request, a digital signature should be generated and included in the signature request header.
All requests passed from/to the Operator’s system must have a signature header.
Algorithm Steps
The algorithm includes the following steps:
- Input validation. The following requirements should be met:
  - The payload matches the JSON format.
  - The operatorId and secretKey are available. (Provided by Veligames)
- Conversion of all the strings to UTF-8 with alphabetical sorting. Complete the following steps:
  - Convert each parameter into a string that contains the full path to the parameter, parameter name, and parameter value:
    <parent_1>:...:<parent_n>:<parameter_name>:<parameter_value>
  - The parent names, parameter names, and parameter values are separated by a colon (:); delete any commas between “key-value” pairs and any quotation marks that delimit string values.
  - Leave any empty parameter values empty. In other words, do not replace any empty values with blank space or null. For instance, "brandId":"" is replaced with brandId:.
  - Convert all the strings to UTF-8.
  - Sort the strings in alphabetical order and join them in a single string by using a semicolon (;) as a delimiter.
- Calculation of the HMAC code by using the secret key and the SHA-512 hash function.
- Encoding of the HMAC code by using the Base64 scheme.
- Addition of the signature header to the request. Its value should be operatorId:encodedSignature
Step-By-Step Guide (Node.js Example)
Use the query params object if the request method is GET; otherwise, use the body object.
{
brandId: 'yourBrand',
gameId: 'garage',
deviceType: 'DESKTOP',
providerId: 'infinity',
language: 'en',
playerId: 'PLAYER-uuid',
currency: 'EUR',
country: 'UK',
sessionId: '550e8400-e29b-41d4-a716-446655440000',
ip: '0.0.0.0'
}
In the case of the input above:
- The strings should be converted to UTF-8.
- Sorted in alphabetical order.
- Joined in a single string by a semicolon (;).
The output should be:
brandId:yourBrand;country:UK;currency:EUR;deviceType:DESKTOP;gameId:garage;ip:0.0.0.0;language:en;playerId:PLAYER-uuid;providerId:infinity;sessionId:550e8400-e29b-41d4-a716-446655440000
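Now the HMAC code for the string should be calculated by using the SHA-512 hash function and the secret key, and the HMAC code should then be encoded by using the Base64 scheme.
const crypto = require('crypto');
function sign(data, operatorSecret) { // data: the joined string; operatorSecret: your secretKey
  const hmac = crypto.createHmac('sha512', operatorSecret);
  hmac.update(data);
  return hmac.digest('base64');
}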
The resulting signature should be:
0tZAz8d4gy6oG5RFcaSeEqCjXOhlpX8qCTmzIY9V9lEbyTr5wMnLgIgX1IUL3a0F/xOCgT/hBmyOBME3wYauYw==
Finally, add the resulting signature in the headers:
signature: "operatorId:0tZAz8d4gy6oG5RFcaSeEqCjXOhlpX8qCTmzIY9V9lEbyTr5wMnLgIgX1IUL3a0F/xOCgT/hBmyOBME3wYauYw=="
To test your signature generation logic, you can use this request:
curl -X 'POST' \
'https://stage-api.velitech.games/unified-api/public/gen-signature?secret=YOUR_SECRET_KEY' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"providerId": "koibit",
"gameId": "OlympianTreasures",
"language": "en",
"playerId": "PLAYER-112312fa1243",
"currency": "XAF",
"deviceType": "DESKTOP",
"country": "GE",
"brandId": "yourBrand",
"sessionId": "6c210f45-0cae-4dc9-a9ab-8fe48f4406ba",
"ip": "188.160.1.239"
}'
It returns how the string should be concatenated and the final hash for your secretKey. For example:
[
"brandId:yourBrand;country:GE;currency:XAF;deviceType:DESKTOP;gameId:OlympianTreasures;ip:188.160.1.239;language:en;playerId:PLAYER-112312fa1243;providerId:koibit;sessionId:6c210f45-0cae-4dc9-a9ab-8fe48f4406ba",
"FlGw7K/ZXqbh3SWOfD7OzQ+ZQ+5vo/0fYzbwk/Lq92341hY4Ks1Xc6KVzfd1VsNhhZ4xvi2A=="
]
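The algorithm steps above carried end to end, together with the check a receiver performs on an incoming signature header, as an added example that is not Veligames' own code. Assumptions of this example: all function names, the constructed sample values, rejecting null and array values (the page does not cover them), code-unit string order for the alphabetical sort, and the constant-time comparison.

```javascript
const crypto = require('crypto');

// Flatten a JSON object into "<parent_1>:...:<parameter_name>:<parameter_value>" strings.
function flatten(value, path = []) {
  if (value === null || Array.isArray(value)) {
    // Assumption: the page does not define null or array handling, so refuse rather than guess.
    throw new TypeError(`unsupported value at "${path.join(':')}"`);
  }
  if (typeof value === 'object') {
    return Object.entries(value).flatMap(([k, v]) => flatten(v, [...path, k]));
  }
  // Empty strings stay empty: { brandId: '' } becomes "brandId:".
  return [[...path, String(value)].join(':')];
}

// Sort the strings and join them with ";".
// Assumption: "alphabetical" is taken as JavaScript's default code-unit order.
function canonicalize(params) {
  return flatten(params).sort().join(';');
}

// HMAC-SHA512 over the UTF-8 bytes of the canonical string, Base64-encoded.
function sign(params, secretKey) {
  return crypto.createHmac('sha512', secretKey)
    .update(canonicalize(params), 'utf8')
    .digest('base64');
}

// Value for the "signature" header: operatorId:encodedSignature
function signatureHeader(params, operatorId, secretKey) {
  return `${operatorId}:${sign(params, secretKey)}`;
}

// Receiving side: recompute the signature and compare in constant time.
function verifyHeader(header, params, operatorId, secretKey) {
  const sep = header.indexOf(':');
  if (sep < 0 || header.slice(0, sep) !== operatorId) return false;
  const got = Buffer.from(header.slice(sep + 1), 'base64');
  const want = Buffer.from(sign(params, secretKey), 'base64');
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}

// Constructed sample (placeholder operator id and secret, not real credentials).
const sample = { brandId: '', player: { id: 'PLAYER-uuid', currency: 'EUR' } };
console.log(canonicalize(sample)); // nested keys carry their parent path
console.log(signatureHeader(sample, 'operatorId', 'constructed-secret'));
```

Sign exactly the object that goes on the wire (query params for GET, body otherwise); any difference between the signed and the sent parameters makes verification fail.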