Protecting your calls
This guide helps you enable route protection in your requests to the Fabank API
Fabank prioritizes the security of its operation and recommends enabling a signature on its requests, below see how to proceed.
Steps
- To enable request validation, you initially need to create a public key and a private key, see here.
- Share the public key generated in the previous step with the Fabank support team() who is monitoring your integration process.
- Send your call signature in the request header. Consult here.
Sample
$priv = env('my_privatekey');
$privateKey = EllipticCurve\PrivateKey::fromPem($priv);
$message =
[
"amount" => 1.13,
"expiration" => 3600,
"tags" => [
"my_transaction_id:12345"
]
];
$message = json_encode($message);
$signed = EllipticCurve\Ecdsa::sign($message, $privateKey);
$signature = $signed->toBase64();
$headers = array(
"Content-Type:application/json",
"signature:" . $signature
);
$url = "https://dev-api.fabank.com.br/api/v1/operations/brcode/create";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $message);
$response = curl_exec($ch);
if (curl_errno($ch)) {
echo 'Error: ' . curl_error($ch);
} else {
$result = json_decode($response, true);
echo '<script>console.log(' . json_encode($result) . ')</script>';
}Updated about 1 year ago