Request Signing
Learn how Onside signs API requests securely with HMAC or signature headers. See example formats, key usage, and error handling.
To ensure the integrity and authenticity of requests, certain API keys require requests to be signed using HMAC-SHA256.
Signature parameters should be used when passing sensitive information. If the following URL parameters are present in the URL:
withdraw_address
Request Structure
Option 1: Header-based (recommended)
GET https://flow.onside.io?withdraw_address={withdraw_address}
X-Api-Key: your_api_key
X-Signature: your_signature
Option 2: Query-based
GET https://flow.onside.io?api_key={your_api_key}&withdraw_address={withdraw_address}&signature={your_signature}
Signature generation
const crypto = require("crypto");
const withdrawalAddress = "your_withdraw_address";
const secretKey = "your_secret_key"; // Provided securely by Onside
const stringToSign = `withdraw_address=${withdrawalAddress}`;
const signature = crypto
  .createHmac("sha256", secretKey)
  .update(stringToSign)
  .digest("hex");
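The two request forms above, built from one signing helper, plus a local constant-time check for testing your own signatures. This is an added example, not Onside's code: the function names are hypothetical, and it assumes the signature covers the raw (not URL-encoded) address exactly as in the snippet above.

```javascript
const crypto = require("crypto");

const BASE_URL = "https://flow.onside.io"; // endpoint shown on this page

// HMAC-SHA256 over the documented string-to-sign, hex-encoded.
// Assumption: the raw (not URL-encoded) address is what gets signed.
function signWithdrawAddress(withdrawAddress, secretKey) {
  return crypto
    .createHmac("sha256", secretKey)
    .update(`withdraw_address=${withdrawAddress}`)
    .digest("hex");
}

// Option 1: key and signature travel in headers, so they stay out of
// URLs that proxies, access logs and browser history tend to record.
function buildHeaderRequest(withdrawAddress, apiKey, secretKey) {
  const url = new URL(BASE_URL);
  url.searchParams.set("withdraw_address", withdrawAddress);
  return {
    method: "GET",
    url: url.toString(),
    headers: {
      "X-Api-Key": apiKey,
      "X-Signature": signWithdrawAddress(withdrawAddress, secretKey),
    },
  };
}

// Option 2: everything in the query string; searchParams URL-encodes values.
function buildQueryRequest(withdrawAddress, apiKey, secretKey) {
  const url = new URL(BASE_URL);
  url.searchParams.set("api_key", apiKey);
  url.searchParams.set("withdraw_address", withdrawAddress);
  url.searchParams.set("signature", signWithdrawAddress(withdrawAddress, secretKey));
  return { method: "GET", url: url.toString(), headers: {} };
}

// Local self-test helper (hypothetical): recompute and compare in constant
// time. Rejects anything that is not exactly 64 hex characters first.
function verifySignature(withdrawAddress, signature, secretKey) {
  if (!/^[0-9a-f]{64}$/i.test(String(signature))) return false;
  const expected = Buffer.from(signWithdrawAddress(withdrawAddress, secretKey), "hex");
  return crypto.timingSafeEqual(Buffer.from(signature, "hex"), expected);
}
```

Load the secret key from an environment variable or secret store rather than a string literal in source.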
Secret key
To enable request signing and receive your secret key, please contact your account manager at Onside Flow.