Request format

Requests are to be sent via HTTP 2 or HTTP 1.1 using SSL (HTTPS) to the following address:

https://api.cryptonator.com/api/merchant/v1/<method>

Format of request parameters:

  • Key/value pairs, packed as HTTP 1.1 POST request parameters.
  • MIME type: application/x-www-form-urlencoded.
  • Character encoding: UTF-8.

Best security practices:

  • All API queries must be sent over HTTPS, plain HTTP requests will be refused.
  • Your application should verify the validity of the server's SSL certificate. If the SSL certificate did not pass the verification, connection must be aborted immediately to prevent an unauthorized access.

Sign requests with your secret_hash

Every request must contain correct secret_hash parameter.

A secret_hash contains the SHA-1 hash function value from packing ALL notification parameters together with your secret.

secret_hash = sha1(string&secret)

To check the integrity and authenticity of the received notification, compute the hash using the algorithm below.

Example format for the /getinvoice method

merchant_id&invoice_id&secret

Example string

0dd0cf6fd32308b34c6e8b9cb578251f&baf37c414289a5a07095990e536ca958&334cf656287417fe0c85e4

Example format for the /createinvoice method

merchant_id&item_name&invoice_currency&invoice_amount&checkout_currency&language&secret

Example string

0dd0cf6fd32308b34c6e8b9cb578251f&Футболка&rur&1500&bitcoin&ru&1457641674&334cf656287417fe0c85e4