How to sign your request

Library

To assist your development, you have libraries that facilitate this ecdsa verification, available at Git

Use

When sending a request to the Fabank API and you have sent a public key to our team, you must send a header called "signature" in the header. Which will be a base64 hash generated from the body of your request, as per the library instructions above.

You must use the private key that you generated according to this documentation, this will validate the origin of the request as legitimate.

Sample

   $priv = env('my_privatekey');

    $privateKey = EllipticCurve\PrivateKey::fromPem($priv);

    $message =
        [
            "amount" => 1.13,
            "expiration" => 3600,
            "tags" => [
                "my_transaction_id:12345"
            ]
        ];

    $message = json_encode($message);

    $signed = EllipticCurve\Ecdsa::sign($message, $privateKey);
    $signature = $signed->toBase64();


     $headers = array(
        "Content-Type:application/json",
        "signature:" . $signature        
    );

    $url = "https://dev-api.fabank.com.br/api/v1/operations/brcode/create";

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $message);


    $response = curl_exec($ch);

    if (curl_errno($ch)) {
        echo 'Error: ' . curl_error($ch);
    } else {
        $result = json_decode($response, true);
        echo '<script>console.log(' . json_encode($result) . ')</script>';
    }