Access to SolidGate API

To start accepting payments, even in the sandbox environment, you'll require credentials. The credentials are 2 pairs of Public(Merchant ID) and Secret(Private) Keys which should be applied for direct API calls and receiving webhook notifications accordingly.

Webhook keys have the prefix "wh_pk_/ wh_sk_" and API keys have the prefix "api_pk_ / api_sk_"

You can easily find your credentials the in Merchant Panel

Merchant ID and its Private Key shall be applied to calculate the signature. The signature allows verifying both the source and the integrity of the request details transmitted between the merchant and gateway. 

To authenticate, you should add the headers to each request in the following additional fields:

ParameterDescriptionExample
MerchantUnique merchant identification. Shall be shared at the moment of registration.api_pk_7b197........ba108f842
SignatureSignature of request. It allows verifying whether the request from the merchant is genuine on the payment gateway server.MjNiYjVj…ZhYmMxMzNiZDY=

Signature Creation

The value of a signature is a base64-encoded  value of hash function SHA-512. For the encryption key, merchant's secret key shall be applied. And for signature data the following string shall be used:

merchantId + requestJsonData + merchantId

ParameterDescription
merchantIDPublic Key 
requestJsonDataRequest body in JSON string
privateKeySecret Key for signature generation. It's provided at the moment of merchant registration

Example of signature creation in PHP

/**
 * @param string $data
 *
 * @return string
 */

private function generateSignature($data)
{
    return base64_encode(
        hash_hmac('sha512',
            $this->getMerchantId() . $data . $this->getMerchantId(),
            $this->getPrivateKey())
    );
}

If signature created is incorrect, you will get the following response:

Response Authentication | Fail

{
  "error": {
    "code": "1.01",
    "messages": [
      "Authentication failed"
    ]
  }
}

Webhook validation

For a callback notification, two parameters are added to the headers (in analogy to request to a gateway):


Merchant - wh_pk_
Signature - generateSignature ()


You need to get Merchant (wh_pk_) from the request headers. And check if you have such credentials; 

Generate a signature from the resulting body using generateSignature (as if you were sending a request to a gateway).

Example of signature creation

public function generateSignature ($ data)
{
    return base64_encode (
        hash_hmac ('sha512', $ wh_pk. $ data. $ wh_pk, $ wh_sk_)
    );
}

API Errors

In case you send an invalid request, don't include required fields or send fields in the invalid format you will receive the Error Response as provided below.

Error | Response Body Parameters

ParameterTypeDescriptionExample
errorobjectObject with information regarding error 
error:codestringError codes list2.01
error:messagesobjectError message 
error:messages:<attribute_name>stringAttribute name where the error was foundcurrency
error:messages:<error_message>arrayThe array of error message relating to the respective attributeThis value should not be blank.

Validation Error | Response Sample

{
    "error": {
        "code": "2.01",
        "messages": {
            "currency": [
                "Invalid Currency."
            ],
            "customer_email": [
                "This value should not be blank."
            ],
            "ip_address": [
                "This value should not be blank."
            ],
            "order_description": [
                "This value should not be blank."
            ],
            "order_id": [
                "This value should not be blank."
            ],
            "platform": [
                "This value should not be blank."
            ]
        }
    }
}