API Reference
Home

Authenticate Cash-Out

To request a cash-out you need the certificate to sign your request

Your keys are generated from the administrative panel, both the PASSPHRASE and the PRIVATE CERTIFICATE.

Creating custom signature

Creating the Message

In this step we will create the message, for this we will need:

Your API TOKEN;
Date and time in UNIX format;
Request body;

Now let's format our message:

The request is always of type POST, convert the request body into a string. Then convert the created string to Base64 representation.
Building the message (pay attention to the : between the data):

message = apitoken:timestamp:bodyBase64

Signing the Message

Now with your private key sign your previously created message:

signature = ECDSA.sign(message, privateKeyBase64)

Once signed, convert the returned signature to base64 and send it in your request headers as Request-Signature.

<?php
function flattenJSON($obj) {
    $result = [];
    foreach ($obj as $key => $value) {
        $result[] = $prefix . $key . '=' . "$value";
    }

    sort($result);

    $ret = '';

    foreach ($result as $item) {
        $ret .= $item;
    }

    return trim($ret);
}

$api_token = "YOUR API TOKEN";
$timestamp = time() * 1000;

$body = [
    "value" => "1.01",
    "pixKey" => "04752435012",
    "description" => "Saque",
    "url_notify" => "https://webhook-test.com",
    "order_id" => "Oi123a"
];

$private = "-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPAWN44ecFr/oVpTY
GuCbEHFnqzvwBvJhKlH78ZN24tyhRANCAARsqz66iyEHdXTdnU1G5h9de4JTtX5d
hqZo5IEMn+hZen+6A6l/uS9LKNz63gvBZtzDxBhUO8Y9Cn5jKe2aCIrM
-----END PRIVATE KEY-----";

$outputStrings = flattenJSON($body);

$bodyBase64 = base64_encode($outputStrings);

$message = "$api_token:$timestamp:$bodyBase64";

openssl_sign($message, $signature, $private, 'sha256');

$signatureBase64 = base64_encode($signature);

var_dump($signatureBase64, $timestamp);

import base64
import time
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import utils
from cryptography.hazmat.primitives.serialization import load_pem_private_key

def flatten_dict(obj, prefix=''):
    result = []
    for key, value in obj.items():
        if isinstance(value, dict):
            result.extend(flatten_dict(value, f"{prefix}{key}."))
        else:
            result.append(f"{prefix}{key}={value}")
    return result

def generate_message(api_token, timestamp, body):
    flattened_body = flatten_dict(body)
    flattened_body.sort()
    body_string = ''.join(flattened_body)
    
    body_base64 = base64.b64encode(body_string.encode()).decode()
    return f"{api_token}:{timestamp}:{body_base64}"

def sign_message(private_key, message):
    digest = hashes.Hash(hashes.SHA256(), backend=default_backend())
    digest.update(message.encode())
    digest_value = digest.finalize()

    signature = private_key.sign(digest_value, ec.ECDSA(utils.Prehashed(hashes.SHA256())))
    return base64.b64encode(signature).decode()

# Set the api token
api_token = 'YOUR API TOKEN'

# Date and time in UNIX format (Timestamp)
timestamp = int(time.time() * 1000)

# Request body
body = {
    'value': '1.01',
    'pixKey': '04752435012',
    'description': 'Saque',
    'url_notify': 'https://webhook-test.com',
    'order_id': 'Oi123a'
}

# Private key in PEM format
private_key_pem = """
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPAWN44ecFr/oVpTY
GuCbEHFnqzvwBvJhKlH78ZN24tyhRANCAARsqz66iyEHdXTdnU1G5h9de4JTtX5d
hqZo5IEMn+hZen+6A6l/uS9LKNz63gvBZtzDxBhUO8Y9Cn5jKe2aCIrM
-----END PRIVATE KEY-----
"""

# Load private key
private_key = load_pem_private_key(private_key_pem.encode(), password=None, backend=default_backend())

# Generate and sign the message
message = generate_message(api_token, timestamp, body)
signature_base64 = sign_message(private_key, message)

print(signature_base64, timestamp)

const crypto = require('crypto');

const flattenJSON = (obj, prefix = '') => {
	const result = [];
	for (const key in obj) {
		if (obj.hasOwnProperty(key)) {
			const value = obj[key];
				result.push(`${prefix}${key}=${value}`);
		}
	}
  
	result.sort();
  
	let ret = '';
	result.forEach(item => {
		ret += item;
	});
  
	return ret;
  }

// Set the api token (API TOKEN AQUI)
const api_token = 'YOUR API TOKEN';

// Date and time in UNIX format (Timestamp)
const timestamp = new Date().getTime();

// Request body
const body = {
    value: "1.01",
    pixKey: "04752435012",
    description: "Saque",
    url_notify: "https://webhook-test.com",
    order_id: "Oi123a"
};

const outputString = flattenJSON(body);

// Convert the request body to string and then to Base64
const bodyBase64 = Buffer.from(outputString).toString("base64");//btoa(outputString);

// Constructs the message in the format 'api_token:timestamp:bodyBase64'
const message = `${api_token}:${timestamp}:${bodyBase64}`;

// Private key in base64 format
const privateKeyPem = `-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPAWN44ecFr/oVpTY
GuCbEHFnqzvwBvJhKlH78ZN24tyhRANCAARsqz66iyEHdXTdnU1G5h9de4JTtX5d
hqZo5IEMn+hZen+6A6l/uS9LKNz63gvBZtzDxBhUO8Y9Cn5jKe2aCIrM
-----END PRIVATE KEY-----`;

const signature = crypto.createSign('sha256').update(message).sign(privateKeyPem, 'base64');

console.log(signature, timestamp);

import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import java.security.spec.PKCS8EncodedKeySpec;
public class Assina {
    public static void main(String[] args) throws Exception {
        // Set the API token
        String apiToken = "YOUR API TOKEN";

        // Date and time in UNIX format (Timestamp)
        long timestamp = System.currentTimeMillis();

        // Request body
        Map<String, String> body = new HashMap<>();
        body.put("value", "1.01");
        body.put("pixKey", "04752435012");
        body.put("description", "Saque");
        body.put("url_notify", "https://webhook-test.com");
        body.put("order_id", "Oi123a");

        // Convert the request body to string and then to Base64
        String outputString = flattenMap(body);
        String bodyBase64 = Base64.getEncoder().encodeToString(outputString.getBytes(StandardCharsets.UTF_8));

        // Constructs the message in the format 'api_token:timestamp:bodyBase64'
        String message = apiToken + ":" + timestamp + ":" + bodyBase64;

        // Private key in base64 format
        String privateKeyPem = """
                -----BEGIN PRIVATE KEY-----
                MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPAWN44ecFr/oVpTY
                GuCbEHFnqzvwBvJhKlH78ZN24tyhRANCAARsqz66iyEHdXTdnU1G5h9de4JTtX5d
                hqZo5IEMn+hZen+6A6l/uS9LKNz63gvBZtzDxBhUO8Y9Cn5jKe2aCIrM
                -----END PRIVATE KEY-----""";

        // Decode the private key from Base64
        byte[] privateKeyBytes = Base64.getDecoder().decode(stripPEMHeaders(privateKeyPem));
        KeyFactory keyFactory = KeyFactory.getInstance("EC");
        PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));

        // Create a Signature object and initialize it with the private key
        Signature signature = Signature.getInstance("SHA256withECDSA");
        signature.initSign(privateKey);

        // Update the data to be signed
        signature.update(message.getBytes(StandardCharsets.UTF_8));

        // Sign the data and encode it in Base64
        byte[] signedBytes = signature.sign();
        String signedMessage = Base64.getEncoder().encodeToString(signedBytes);

        System.out.println(signedMessage + " " + timestamp);
    }

    private static String flattenMap(Map<String, String> map) {
        TreeMap<String, String> sortedMap = new TreeMap<>(map);
        StringBuilder result = new StringBuilder();
        for (Map.Entry<String, String> entry : sortedMap.entrySet()) {
            result.append(entry.getKey()).append("=").append(entry.getValue());
        }
        return result.toString();
    }

    private static String stripPEMHeaders(String pem) {
        return pem.replace("-----BEGIN PRIVATE KEY-----", "")
                .replace("-----END PRIVATE KEY-----", "")
                .replaceAll("\\s", "");
    }
}

Set the api token

api_token = 'YOUR API TOKEN'

Date and time in UNIX format (Timestamp)

timestamp = int(time.time() * 1000)

Request body

body = {
'value': '1.01',
'pixKey': '04752435012',
'description': 'Saque',
'url_notify': 'https://webhook-test.com',
'order_id': 'Oi123a'
}

Private key in PEM format

private_key_pem = """
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgPAWN44ecFr/oVpTY
GuCbEHFnqzvwBvJhKlH78ZN24tyhRANCAARsqz66iyEHdXTdnU1G5h9de4JTtX5d
hqZo5IEMn+hZen+6A6l/uS9LKNz63gvBZtzDxBhUO8Y9Cn5jKe2aCIrM
-----END PRIVATE KEY-----
"""

Load private key

private_key = load_pem_private_key(private_key_pem.encode(), password=None, backend=default_backend())

Generate and sign the message

message = generate_message(api_token, timestamp, body)
signature_base64 = sign_message(private_key, message)

print(signature_base64, timestamp)