Documentation


Welcome to Deko Docs! Here you'll find a comprehensive integration guide and API documentation to help you get up and running with Deko.


Get Started

Headers & Authentication

Deko’s API uses public-key cryptography for security to both authenticate and authorise the requester. A public and private key of 64 randomised letters and numbers will be provided to the E Agent for both the test and live environment. Each public key also has a whitelist for additional security so an IP needs to be given to Deko for this. The API has a single entry point for all requests, the operation is within the JSON.

Test Address: https://test.dekopay.com/API

Live Address: https://secure.dekopay.com/API

Method: POST

Headers
Request
Description

Authorisation

HMAC

Public-Key

[Public Key]

Public Key provided by Deko

Auth-Token

[Hashed Token]

Hashed version of the private key (provided by Deko along with the public key) using HMAC SHA-256 encryption on the combined request string as seen below . The following PHP code describes how it is hashed.

Content-Length

[Length of content]

Length of the request JSON

Content-MD5

[Hash of content]

MD5 Hash of the content

Content-Type

application/json

Timestamp

[Current Timestamp]

Time of the request in ISO 8061’ (i.e. 2014-07-21T15:41:46+01:00).

$privateKey = [Private Key]
$contentMd5 = base64_encode(md5([Content], true));
$timestamp =  date("c”);
$requestString = join("_", array("POST", $timestamp, $contentMd5));
[Hashed Token] = base64_encode(hash_hmac("sha256", $requestString, $privateKey, true));

Headers & Authentication