Deko’s API uses public-key cryptography for security to both authenticate and authorise the requester. A public and private key of 64 randomised letters and numbers will be provided to the E Agent for both the test and live environment. Each public key also has a whitelist for additional security so an IP needs to be given to Deko for this. The API has a single entry point for all requests, the operation is within the JSON.
Test Address: https://test.dekopay.com/API
Live Address: https://secure.dekopay.com/API
Public Key provided by Deko
Hashed version of the private key (provided by Deko along with the public key) using HMAC SHA-256 encryption on the combined request string as seen below . The following PHP code describes how it is hashed.
[Length of content]
Length of the request JSON
[Hash of content]
MD5 Hash of the content
Time of the request in ISO 8061’ (i.e. 2014-07-21T15:41:46+01:00).
$privateKey = [Private Key] $contentMd5 = base64_encode(md5([Content], true)); $timestamp = date("c”); $requestString = join("_", array("POST", $timestamp, $contentMd5)); [Hashed Token] = base64_encode(hash_hmac("sha256", $requestString, $privateKey, true));