Authentication¶
Authentication with the Glo Currency API relies on correctly setting the headers on each request with the following data:
- Accept and Content-Type should be
"application/json" - Authorization is your application's API key, should be
Bearer [YOUR_API_KEY] - Authorization-Nonce is a string, which must be unique per request - generating a new GUID for every request is the preferred approach
- Authorization-Signature is a HMAC-SHA512 digest of the nonce, request method, URL, and a SHA512 hash of the request body - you will need your API Secret, to sign
You will also need:
- your API Secret, obtainable from our team
- the request body - this should be a JSON string
- the full request URL, including protocol, host, port and query parameters
Example data¶
For the following example, we will assume you are using the following details to create a Transaction:
- API Key:
YOUR_API_KEY - API Secret:
YOUR_API_SECRET - Nonce:
7d90bf64-59d2-4c7b-9930-25ddc75d0dc0 - A
POSTrequest tohttps://mw-sandbox.glocurrency.com/api/v1/customers/transactions - Request Body:
{
"type": "bank",
"input_currency_code": "USD",
"output_currency_code": "NGN",
"output_amount_in_cents": "100",
"sender": {
"type": "person",
"first_name": "Text",
"last_name": "Example",
"gender": "male",
"country_code": "USA",
"city": "City",
"street": "Street",
"postal_code": "12345",
"birth_date": "2997-01-01",
"phone_number": "+14158586273",
"email": "[email protected]",
"ip": "127.0.0.1",
"external_id": "1234"
},
"recipient": {
"first_name": "Text",
"last_name": "Example",
"birth_date": "1970-01-01",
"gender": "female",
"country_code": "USA",
"city": "City",
"street": "Street",
"postal_code": "12345",
"bank_code": "111",
"bank_account": "1111111111",
"bank_account_type": "current",
"phone_number": "+14158586273"
},
"external_id": "38976201-a8d5-4ce8-bc09-f5ffb6a89c36"
}
Building the signature¶
The string to sign is generated by concatenating request-specific strings together, joined with an ampersand (&):
- the
Authorization-Noncevalue - the HTTP verb, in uppercase
GETPOSTPUTPATCHDELETE
- the full request URL, including protocol, host, port, query parameters and anchors
- a SHA512 hex digest of the request body's JSON
- for the example data above, this will be
1464b036830722f2de3376775f47487140a48ef757150b4246f9aa8b6955da11a66b8df13176c57a32280f599f57c16185b34a2debf970ea59bcbdf49ce38744 - for
GETandDELETErequests this should be the SHA512 hash for the empty stringcf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- for the example data above, this will be
- please note that, depending on the language, characters in the JSON may be escaped differently and your result might be different from this
For the example values above, this results in the following string to sign:
7d90bf64-59d2-4c7b-9930-25ddc75d0dc0&POST&https://mw-sandbox.glocurrency.com/api/v1/customers/transactions&1464b036830722f2de3376775f47487140a48ef757150b4246f9aa8b6955da11a66b8df13176c57a32280f599f57c16185b34a2debf970ea59bcbdf49ce38744
This string to sign is encrypted with the SHA512 algorithm and your API Secret, with the resulting value:
368758dbee729cef42fe1ce7dce252579ee16f5bee8703a723d33b6397eb2c859a0dac09aea3ce55b28ae9bfe470ba741ef24d6ffe742afe05e47985ebd3b41d
This is passed as the Authorization-Signature header for sending the request.
Full sample header¶
Accept: application/json
Content-Type: application/json
Authorization: Bearer YOUR_API_KEY
Authorization-Nonce: 7d90bf64-59d2-4c7b-9930-25ddc75d0dc0
Authorization-Signature: 368758dbee729cef42fe1ce7dce252579ee16f5bee8703a723d33b6397eb2c859a0dac09aea3ce55b28ae9bfe470ba741ef24d6ffe742afe05e47985ebd3b41d
API Environments¶
- For testing, use
https://mw-sandbox.glocurrency.com/api/v1/customers/ - For production, use
https://mw-production.glocurrency.com/api/v1/customers/
You will need a valid API Key and API Secret for each environment, obtainable from our team once your application has been approved.