Enable/Update HMAC

This endpoint should not be consumed before every request that needs HMAC security. It should be consumed when there is no active traffic between us and the site. Failure to do this may create a race condition on active requests that require HMAC security, and these requests may result in an HMAC errorHmacDoesNotMatch error.

Enabling / Updating HMAC Security API Endpoint

PUT https://api-prod.alfa-instap-cpt.uk/secpub/hmac

This operation enables or updates HMAC security for the customer.

When there is no secret, this request will initialize it. Otherwise, it will update the existing HMAC secret.

Headers

Name

Type

Description

content-type*

string

application/json

x-api-key*

String

Replace your API key

Request Body

Name

Type

Description

hmacSecret*

string

The secret MAC to sign the payloads. It is a good idea to use UUID v4 when generating a safe MAC.

The system successfully saves HMAC's secret and enables HMAC for the customer.

{ message: 'Forbidden' }

A firewall rule protects (IP Whitelist ) each and every one of our endpoints. You will receive this response if your endpoint is not on the white list.

Example

curl --request PUT \
  --url https://api-prod.alfa-instap-cpt.uk/secpub/hmac \
  --header 'Content-Type: application/json' \
  --header 'x-api-key: YOUR-API-KEY' \
  --data '{
	"hmacSecret": "020194f9-8c09-42ed-9b8d-23fc777990fc"
    }'

PreviousAPI Security NextOverview

Last updated 4 months ago

Was this helpful?