This API allows merchants to generate deposit addresses and URLs for customers to deposit funds into their accounts. It uses both hashing and signing for security purposes, ensuring the integrity of the requests.

How to Generate a Signature

Signature & API Key

  • The request must include an X-Api-Key header containing your Paybin API key.
  • The body of the request is signed using the merchant’s private key (using SHA-512), and the signature is sent in the X-Signature header.
Signature Example

Security Best Practices:

  • Hashing: Ensure the correct order and concatenation of parameters before generating the hash.
  • Signing: Use the merchant's private key to sign the body of the request and include the X-Signature in the headers for verification.
  • API Key: Always keep your ApiKey confidential and use it in the request headers to authenticate.

Request Parameters:

ParameterTypeDescription
PublicKeyStringThe merchant’s public key.
ReferenceIdStringA unique identifier for the transaction.
AmountNumberThe amount to be deposited.
CurrencyStringThe fiat currency or crypto (e.g., USD, EUR, BTC).
RedirectUrlStringThe URL the customer will be redirected to after a successful deposit.
CallbackUrlStringA URL that Paybin will call with the transaction result.
CancelUrlStringThe URL the customer will be redirected to if they cancel the deposit.
SymbolStringThe cryptocurrency symbol (e.g., BTC, ETH).
LanguageStringThe language code for the deposit page (e.g., en, es).

Create request

curl -X POST 'https://sandbox.paybin.io/v1/deposit/url/generate' 
  -H 'X-Api-Key: {SecretKey}' 
  -H 'X-Signature: {Signature}' 
  -H 'Content-Type: application/json' 
  --data '{
    "ReferenceId": "REF1234567890",
    "PublicKey": "{PublicKey}",
    "Currency": "USD",
    "Amount": "1000.00",
    "Language": "EN",
    "Symbol": "BTC",
    "CallbackUrl": "https://yourdomain.com/callback",
    "RedirectUrl": "https://yourdomain.com/success"
}'

The CallbackUrl and RedirectUrl parameters are optional:

  • CallbackUrl: If provided, we will send a POST request with the deposit status.
  • RedirectUrl: If provided, the user will be redirected here after the deposit is completed.
Set default values on Portfolio

Response:

{
  "apiVersion": "0.1.0.20",
  "data": {
    "url": "DepositURL"
  },
  "code": 200,
  "message": "OK",
  "rg": "65f42de0-9f9b-4bf0-92a0-48a4db0c9e39"
}

All signed requests must include the following headers. Signed token will expire in 1 minute.

Current supported languages are EN,TR,JA,DE,ES,FR,PT

Generate Payment Address

This API endpoint allows you to retrieve a deposit address for a specified cryptocurrency. The deposit address can then be displayed within your application for users to make deposits.

Endpoint

POST https://sandbox.paybin.io/v1/deposit/address/create

Request Headers

  • Token: Your API token for authentication.
  • Content-Type: Set to application/json.
Get your Token

Request Body Parameters

  • PublicKey (string): Your public key.
  • Symbol (string): The symbol of the cryptocurrency (e.g., BTC, ETH, USDT, See all Symbols)
  • ReferenceId (string): A reference ID for the payment or user.
  • CallbackUrl (string, optional): URL for callback notifications.
  • Label (string, optional): A label for the address.
  • Hash (string): A hash generated for security.

Hash Generation

The hash is created using the following fields concatenated together: PublicKey, Symbol, Label, ReferenceId, CallbackUrl, and a secretKey. The hash ensures the integrity and authenticity of the request.

How to create hash

CryptoJS.MD5(publicKey + data.Symbol + data.Label + data.ReferenceId + data.CallbackUrl + secretKey).toString();
How to Generate a Signature

Create Request

curl --location 'https://sandbox.paybin.io/v1/deposit/address/create' 
--header 'Token: {TOKEN}' 
--header 'X-Signature: {Signature}' 
--header 'Content-Type: application/json' 
--data '{
    "PublicKey":"{PublicKey}",
    "Symbol":"ETH",
    "ReferenceId":"PaymentOrUserReference",
    "CallbackUrl":"",
    "Label":"Label",
    "Hash":"{Hash}"
}'

Response:

{
  "apiVersion": "0.1.0.20",
  "data": {
    "wallet": "0x43b4d0bc8cb6a79c884a7c0c93ce99d68ad8e4f0",
    "requestId": "f5d30491-8c24-467d-b772-bac9e937e630",
    "referenceGuid": "7f9094ea-ea48-4de1-ad78-88e8214bc118",
    "symbol": "ETH",
    "network": "Ethereum",
    "price": {
      "usd": 3137.235,
      "gbp": 2479.84845,
      "eur": 2974.90075,
      "try": 108374.405,
      "jpy": 483852.58
    }
  },
  "code": 200,
  "message": "OK"
}

Notifier

When a deposit is completed, Paybin will send a POST request to the CallbackUrl with the following parameters:

{
  "Address": "DEPOSIT_ADDRESS",
  "UniqueId": "DEPOSIT_TX_ID",
  "Amount": 15,
  "Symbol": "USDT",
  "ReferenceId": "{YOUR_REFERENCE_ID}",
  "Price": {
    "USD": 15,
    "GBP": 11.92,
    "EUR": 14.27,
    "TRY": 519.66,
    "JPY": 2299.20
  },
  "Signature": "{REQUEST_SIGNATURE}",
  "Hash": "UniqueCallbackHash",
  "OrderId": 1
}

If the CallbackUrl does not return OK (200) status, Paybin will retry the callback. In some case, Paybin will retry the callback a few times, you can use Hash parameter to check if the callback is already processed.

Callback Handling

When Paybin sends a callback request to your server, you should verify the integrity of the request by checking the Signature parameter. The signature is generated using the following fields: secretKey and UniqueId (the unique identifier of the transaction).

Signature Generation

// Required parameters
const crypto = require('crypto');

// Function to generate the signature
function generateSignature(secretKey, uniqueId) {
  // Concatenate secretKey and UniqueId
  const data = `${secretKey}${uniqueId}`;

  // Create an MD5 hash
  const signature = crypto
    .createHash('md5')
    .update(data)
    .digest('hex');

  return signature;
}

// Example usage:
const secretKey = 'your-secret-key';
const uniqueId = 'transaction-unique-id';

const generatedSignature = generateSignature(secretKey, uniqueId);
console.log(`Generated Signature: ${generatedSignature}`);

Verification

To verify the integrity of the callback request, you can use the following steps:

Deposit Verification Request

curl --location 'https://sandbox.paybin.io/v1/deposit/verification' 
--header 'Token: {TOKEN}' 
--header 'X-Signature: {Signature}' 
--header 'Content-Type: application/json' 
--data '{
    "PublicKey":"{PublicKey}",
    "TxId":"UniqueId",
    "Address":"Address",
    "Amount": 0.001
}'

Response:

{
  "apiVersion": "0.1.0.20",
  "data": {
  "Address": "Address",
  "UniqueId": "UniqueId",
  "Amount": 100.50,
  "Symbol": "USDT",
  "ReferenceId": "ReferenceId",
  "Price": {
      "USD": 15,
      "GBP": 11.92,
      "EUR": 14.27,
      "TRY": 519.66,
      "JPY": 2299.20
    },
  "OrderId": 123456
}
  "code": 200,
  "message": "OK"
}

You can request to Paybin to verify the deposit transaction by sending the TxId, Address, and Amount parameters. Paybin will return the transaction details if the transaction is valid.

Was this page helpful?