Getting Started With API Security: Create a Request Signature with Rapyd Using cURL

Unlock the Power of APIs for Global Commerce and Payments

You order a next-day shipment online, grab the dishes, check tracking on your phone, clean the counter, make another mobile purchase…we multitask and make digital purchases now faster than ever. In today’s fast-paced digital world, the ability to connect and interact seamlessly with various platforms and services has become not only acceptable, but imperative for some. This holds especially true in the realm of fintech, where innovative solutions are transforming the way we handle payments, disbursements, and business transactions wherever we go. At the heart of this revolution lies the API (Application Programing Interface), the software protocol that empowers developers to create robust and interconnected systems.

Rapyd is a pioneering API-first company that is on a mission to liberate global commerce by providing developers with the tools they need to facilitate payments, payouts, and business transactions across borders. With a single API integration, Rapyd enables businesses to accept payments, send disbursements, hold funds in wallets, and issue virtual accounts and cards. What sets Rapyd apart from the competition is its unwavering commitment to security, vast payments network, and multiple platforms with one API making it an ideal choice for businesses operating in the fintech landscape.

Security is a primary concern in any API integration, particularly in the sensitive world of financial transactions. Rapyd recognizes this, and has implemented one of the strongest API authentication mechanisms in the fintech industry. By adhering to a robust set of authentication practices, Rapyd ensures that only authorized users can access and interact with its API, safeguarding data from tampering and thwarting unauthorized access attempts.

To shed light on the significance of API security, let’s take a closer look at the process of creating request signatures for the Rapyd API using cURL. Request signatures act as digital fingerprints that verify the authenticity and integrity of transmitted messages. When communicating with the Rapyd API, developers must calculate and include a signature as part of their requests. By employing a specific formula, developers can generate this signature, ensuring the secure transmission of data.

Creating a request signature involves multiple elements and calculations. Utilizing cURL, developers can perform the necessary steps to generate a secure request signature. This signature is then included in the API request’s signature header parameter, allowing Rapyd to validate the legitimacy of the message and protect against unauthorized access attempts.

Now, let’s dive into generating a signature request using Python and cURL. The following section and code snippet illustrates the process step-by-step:

  1. Open terminal and using command line, go to any desired folder.

  2. Copy and paste the following code into a text editor, and save to a file with extension .py in your current folder.


#!/usr/bin/env python3

import hashlib

import base64

import string

import time

import random

import hmac

path = '/v1/data/countries'

timestamp = int(time.time())

salt = ''.join(random.sample(string.ascii_letters + string.digits, 12))

access_key = '<<__your_keys_here>>' # Rapyd acces key

secret_key = '<<__your_keys_here>>' # Rapyd secret key

to_sign = 'get' + path + salt + str(timestamp) + access_key + secret_key + ''

h = hmac.new(bytes(secret_key, 'utf-8'), bytes(to_sign, 'utf-8'), hashlib.sha256)

signature = base64.urlsafe_b64encode(str.encode(h.hexdigest()))

curl = (f'curl -H "Content-Type: application/json" '

f'-H "access_key: {access_key}" '

f'-H "salt: {salt}" '

f'-H "timestamp: {timestamp}" '

f'-H "signature:{signature.decode("utf-8")}" '

f'https://sandboxapi.rapyd.net{path}')

print(curl)

  1. Go to Client Portal to start your account and verify your email.

  2. Go to the developers tab and grab your API keys.

  3. Copy your API keys and link them into your file (.py) in their corresponding locations (e.g. acces_key, secret_key).

Note: It is recommended to have variables and never expose your API keys when integrating.

  1. Return to your terminal in your current folder, and type python3.

  2. Paste in the code snippet, or type the full file name that contains the code. (e.g. rapyd_sample.py).

  3. Press Enter.

A cURL example should return with the generated signature including salt, and timestamp.

  1. Copy the cURL request including everything following the word curl. Paste is back into the terminal.

Note: For pretty print JSON, close with | json_pp.

  1. Press Enter.

The JSON response to List Countries should return.

The above code calculates the signature by combining various elements, including the HTTP method, URL path, salt, timestamp, access key, secret key, and body string. The resulting signature is a hash of this concatenation, encoded in Base64. This signature is then included in the request’s signature header parameter, enabling Rapyd to validate the authenticity of the message.

APIs have become the bridge that connects diverse platforms and services. With the rapid growth of the fintech industry, the power of APIs cannot be underestimated. By prioritizing API security and harnessing the capabilities of APIs like the Rapyd API, businesses and developers can unlock the potential of secure and efficient financial transactions, paving the way for a future where global commerce knows no boundaries.

It’s worth emphasizing the significance of maintaining the highest level of security when working with APIs. Rapyd’s stringent authentication procedures, coupled with the calculation of request signatures, ensure that only authorized users can interact with the API. This not only protects sensitive data but also safeguards businesses from unauthorized access attempts, bolstering trust and peace of mind.

As the fintech industry continues to evolve, APIs like Rapyd’s play a pivotal role in enabling seamless and secure global commerce. By embracing an API-first approach, Rapyd empowers developers to build powerful and interconnected systems that facilitate transactions, payments, and business operations on a global scale.

You can find the complete code for this tutorial in this GitHub repo.

Get started now by signing up for the Client Portal at Rapyd Client Portal. For any questions on integrating, you can join the Rapyd Developer Community at community.rapyd.net, create a post and connect with other developers.

3 Likes