“Create Order Payment” to Boxo Platform “Get Order Payment Status” to Boxo Platform
Choose from three types of algorithms for signing requests and validating them:
Select the hash function used for the signature:
“Api client ID” is an identifier for a Miniapp’s API
For RSA2 and ECDSA, choose between:
“Boxo public key” is used for validating request data on a Hostapp’s side.
“Hostapp public key” is used for validating request data from a Hostapp. This key belongs to the private key on a Hostapp’s side.
“HMAC Secret” is used in HMAC algorithm only.
“Headers map” is a JSON field used to set up custom headers in case a Hostapp wants to utilize their own request signaturing. These fields should be mapped:
“Signature payload template” is a string template field used to set up a custom payload format in case a Hostapp wants to utilize their own request signaturing. These fields should be mapped in the template:
{timestamp}
{nonce}
{identity}
{client_id}
{merchant_id}
{request_method} - Example: “POST”, "GET"
{url}
{payload} - this is “Request data/body”
“Signature template” is a string template field used to set up a custom signature header format in case a Hostapp wants to utilize their own request signaturing. These fields should be mapped in the template:
{signature}
“Timespec” is a field used while generating the current timestamp, defining time precision. Example: seconds, milliseconds
“Identity” is an optional static string that can be used in the signature payload and passed with headers to verify data integrity. Don’t forget to add it in “Headers map” and to “Signature payload template” as if used.
“Nonce” is an optional random string that can be used in the signature payload and passed with headers to verify data integrity. Length is set in “Nonce length”. Enabled via “Use nonce”. Don’t forget to add it in “Headers map” and to “Signature payload template” as if used.
“Request data encoding for payload” is a field that encodes Request data to “base64” or leaves it as plain text before formatting payload.
“Signature payload encoding” is a field that encodes the payload to “base64” or leaves it as plain text before signing it.
“Signature encoding” is a field that encodes the signature from bytes to “base64” or “hex” after signing payload.
“Use request data with spaces”
Example: If false {"a": "b"}
will become {"a":"b"}
in payload, if true {"a":"b"}
will become {"a": "b"}
in payload
“Sort request data keys”
Example: If true {"b": "1", "a": "2"}
will become {"a": "2", "b": "1"}
in payload
Merchant ID is an optional identifier unique to a Partnership. It is used to identify a miniapp in a Hostapp’s system. Don’t forget to add it in “Headers map” and to “Signature payload template” as if used. Merchant ID can be also specified in a Partnership settings.
Please provide the following information to Boxo, after setup Boxo will provide you with a public key to verify the signature:
{"signature": "X-Signature", "timestamp": "X-Timestamp", "client_id": "X-Client-Id"}
{timestamp}{client_id}{request_method}{url}{payload}
{signature}
“Create Order Payment” to Boxo Platform “Get Order Payment Status” to Boxo Platform
Choose from three types of algorithms for signing requests and validating them:
Select the hash function used for the signature:
“Api client ID” is an identifier for a Miniapp’s API
For RSA2 and ECDSA, choose between:
“Boxo public key” is used for validating request data on a Hostapp’s side.
“Hostapp public key” is used for validating request data from a Hostapp. This key belongs to the private key on a Hostapp’s side.
“HMAC Secret” is used in HMAC algorithm only.
“Headers map” is a JSON field used to set up custom headers in case a Hostapp wants to utilize their own request signaturing. These fields should be mapped:
“Signature payload template” is a string template field used to set up a custom payload format in case a Hostapp wants to utilize their own request signaturing. These fields should be mapped in the template:
{timestamp}
{nonce}
{identity}
{client_id}
{merchant_id}
{request_method} - Example: “POST”, "GET"
{url}
{payload} - this is “Request data/body”
“Signature template” is a string template field used to set up a custom signature header format in case a Hostapp wants to utilize their own request signaturing. These fields should be mapped in the template:
{signature}
“Timespec” is a field used while generating the current timestamp, defining time precision. Example: seconds, milliseconds
“Identity” is an optional static string that can be used in the signature payload and passed with headers to verify data integrity. Don’t forget to add it in “Headers map” and to “Signature payload template” as if used.
“Nonce” is an optional random string that can be used in the signature payload and passed with headers to verify data integrity. Length is set in “Nonce length”. Enabled via “Use nonce”. Don’t forget to add it in “Headers map” and to “Signature payload template” as if used.
“Request data encoding for payload” is a field that encodes Request data to “base64” or leaves it as plain text before formatting payload.
“Signature payload encoding” is a field that encodes the payload to “base64” or leaves it as plain text before signing it.
“Signature encoding” is a field that encodes the signature from bytes to “base64” or “hex” after signing payload.
“Use request data with spaces”
Example: If false {"a": "b"}
will become {"a":"b"}
in payload, if true {"a":"b"}
will become {"a": "b"}
in payload
“Sort request data keys”
Example: If true {"b": "1", "a": "2"}
will become {"a": "2", "b": "1"}
in payload
Merchant ID is an optional identifier unique to a Partnership. It is used to identify a miniapp in a Hostapp’s system. Don’t forget to add it in “Headers map” and to “Signature payload template” as if used. Merchant ID can be also specified in a Partnership settings.
Please provide the following information to Boxo, after setup Boxo will provide you with a public key to verify the signature:
{"signature": "X-Signature", "timestamp": "X-Timestamp", "client_id": "X-Client-Id"}
{timestamp}{client_id}{request_method}{url}{payload}
{signature}