To start accepting payments, even in the sandbox environment, you need credentials. The credentials consist of two pairs of Public (Merchant ID) and Secret (Private) keys: one pair for direct API calls and one pair for receiving webhook notifications.
Webhook keys have the prefixes "wh_pk_" / "wh_sk_" and API keys have the prefixes "api_pk_" / "api_sk_".
You can find your credentials in the Merchant Panel.
The Merchant ID and its Private Key are used to calculate the signature. The signature allows verifying both the source and the integrity of the request details transmitted between the merchant and the gateway.
To authenticate, add the following headers to each request:
Header | Description | Example |
---|---|---|
Merchant | Unique merchant identification. Shall be shared at the moment of registration. | api_pk_7b197........ba108f842 |
Signature | Signature of request. It allows verifying whether the request from the merchant is genuine on the payment gateway server. | MjNiYjVj…ZhYmMxMzNiZDY= |
The signature is the base64-encoded result of an HMAC computed with the SHA-512 hash function. The merchant's secret key is used as the HMAC key. In the code examples below, the digest is rendered as a lowercase hexadecimal string before it is base64-encoded. The following string is used as the signature data:

`merchantId + requestJsonData + merchantId`

Parameter | Description |
---|---|
merchantId | Public Key |
requestJsonData | Request body in JSON string |
privateKey | Secret Key for signature generation. It's provided at the moment of merchant registration |

```php
function generateSignature(string $jsonString): string
{
    // base64 of the hex HMAC-SHA512 digest, keyed with the secret key
    return base64_encode(
        hash_hmac('sha512',
            "{{public_key}}" . $jsonString . "{{public_key}}",
            "{{private_key}}")
    );
}
```

```go
import (
	"crypto/hmac"
	"crypto/sha512"
	"encoding/base64"
	"encoding/hex"
)

func GenerateSignature(jsonString string) string {
	payloadData := "{{public_key}}" + jsonString + "{{public_key}}"
	keyForSign := []byte("{{private_key}}")
	h := hmac.New(sha512.New, keyForSign)
	h.Write([]byte(payloadData))
	return base64.StdEncoding.EncodeToString([]byte(hex.EncodeToString(h.Sum(nil))))
}
```

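```kotlin
// hmac() and base64encode() are helper functions that are not shown here.
// To match the other examples, hmac() must return the hex HMAC-SHA512 digest.
fun generateSignature(jsonString: String): String {
    val hmac = hmac("{{public_key}}" + jsonString + "{{public_key}}", "{{private_key}}")
    return base64encode(hmac)
}
```
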
```python
import base64
import hashlib
import hmac

def __generate_signature(jsonString: str) -> str:
    encrypto_data = ("{{public_key}}" + jsonString + "{{public_key}}").encode('utf-8')
    sign = hmac.new("{{private_key}}".encode('utf-8'), encrypto_data, hashlib.sha512).hexdigest()
    return base64.b64encode(sign.encode('utf-8')).decode('utf-8')
```

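```javascript
const CryptoJS = require('crypto-js');

function generateSignature(jsonString) {
    // hashed.toString() yields the hex digest, which is then base64-encoded
    const hashed = CryptoJS.HmacSHA512("{{public_key}}" + jsonString + "{{public_key}}", "{{private_key}}");
    return Buffer.from(hashed.toString()).toString('base64');
}
```
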
If the signature is incorrect, you will get the following response:

```json
{
  "error": {
    "code": "1.01",
    "messages": [
      "Authentication failed"
    ]
  }
}
```

For a callback notification, two parameters are added to the headers (analogous to a request to the gateway):
Merchant - wh_pk_
Signature - generateSignature()
Get the Merchant value (wh_pk_) from the request headers and check that you hold matching credentials.
Generate a signature from the body you received using generateSignature (as if you were sending a request to the gateway).
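
```php
// $this->wh_pk and $this->wh_sk hold the webhook key pair (wh_pk_... / wh_sk_...);
// storing them as class properties is an assumption, since this is a class method.
public function generateSignature($data)
{
    return base64_encode(
        hash_hmac('sha512', $this->wh_pk . $data . $this->wh_pk, $this->wh_sk)
    );
}
```
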
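
One way to implement the callback check described above, as an added example that is not code from the gateway's documentation. The key pair, the sample body and the `verify_webhook` name are constructed for illustration; the function recomputes the signature over the raw body as received and compares it with the Signature header in constant time.

```python
import base64
import hashlib
import hmac

# Constructed sample webhook key pair (placeholders, not real credentials).
WEBHOOK_KEYS = {"wh_pk_example": "wh_sk_example"}


def generate_signature(public_key: str, secret_key: str, body: str) -> str:
    """base64(hex(HMAC-SHA512(secret, public + body + public))), as on this page."""
    data = (public_key + body + public_key).encode("utf-8")
    digest_hex = hmac.new(secret_key.encode("utf-8"), data, hashlib.sha512).hexdigest()
    return base64.b64encode(digest_hex.encode("utf-8")).decode("utf-8")


def verify_webhook(headers: dict, raw_body: bytes, keys: dict = WEBHOOK_KEYS) -> bool:
    """Return True only for a known webhook Merchant with a valid Signature."""
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    merchant = lowered.get("merchant", "")
    received = lowered.get("signature", "")
    secret = keys.get(merchant)
    # Reject API keys (api_pk_), unknown merchants and missing signatures.
    if not merchant.startswith("wh_pk_") or secret is None or not received:
        return False
    try:
        # Sign the body exactly as received: re-serialising the JSON can change
        # whitespace or key order and make a genuine callback fail.
        body = raw_body.decode("utf-8")
    except UnicodeDecodeError:
        return False
    expected = generate_signature(merchant, secret, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


# Constructed callback for demonstration.
SAMPLE_BODY = b'{"order_id":"1001","status":"success"}'
SAMPLE_HEADERS = {
    "Merchant": "wh_pk_example",
    "Signature": generate_signature("wh_pk_example", "wh_sk_example", SAMPLE_BODY.decode()),
}

if __name__ == "__main__":
    print(verify_webhook(SAMPLE_HEADERS, SAMPLE_BODY))  # genuine callback
    print(verify_webhook(SAMPLE_HEADERS, SAMPLE_BODY.replace(b"1001", b"1002")))  # tampered body
```
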
If you send an invalid request, omit required fields, or send fields in an invalid format, you will receive the Error Response shown below.

Error Response Body Parameters

Parameter | Type | Description | Example |
---|---|---|---|
error | object | Object with information regarding error | |
error:code | string | Error codes list | 2.01 |
error:messages | object | Error message | |
error:messages:<attribute_name> | string | Attribute name where the error was found | currency |
error:messages:<error_message> | array | Array of error messages relating to the respective attribute | This value should not be blank. |

```json
{
  "error": {
    "code": "2.01",
    "messages": {
      "currency": [
        "Invalid Currency."
      ],
      "customer_email": [
        "This value should not be blank."
      ],
      "ip_address": [
        "This value should not be blank."
      ],
      "order_description": [
        "This value should not be blank."
      ],
      "order_id": [
        "This value should not be blank."
      ],
      "platform": [
        "This value should not be blank."
      ]
    }
  }
}
```