Guides

Authentication: Configuring Your Keys

Suggest Edits

Introduction

Before a merchant can start using the APIs or the SDK, an authentication secret must be generated. This secret differs between API and SDK usage.

Receiving keys

There are two sets of keys provided by Saber:

  1. Sandbox/Testing environment keys
  2. Production environment keys

Two pieces of information are provided to the merchant for each key:

  • client_id
  • client_secret

Using these, an authentication token is created by the merchant to authenticate requests.

Contact your Saber representative to get your keys.

Generating the authentication token

The auth token, called X-Secret-Key, is generated in two cases:

  1. When performing client operations
  2. When using the SDK

Both cases differ in the generation of the X-Secret-Key.

When performing client operations

Use the following code to generate the X-Secret-Key

// Variables (these should be securely stored and handled)
var clientId = 'YOUR_CLIENT_ID'; // Replace with your actual client ID
var clientSecret = 'YOUR_CLIENT_SECRET'; // Replace with your actual client secret

// Step 1: Generate timestamp
var timestamp = Math.floor(Date.now() / 1000).toString();

// Step 2: Create the signature string
var sigString = clientId + timestamp;

// Step 3: Generate the HMAC-SHA256 signature
var signature = CryptoJS.HmacSHA256(sigString, clientSecret).toString().toUpperCase();

// The 'signature' can now be used to authenticate API requests

When using the SDK

Use the following code to generate the secret. Please note, that this has to be generated for each user

// Variables (these should be securely stored and handled)
var clientId = 'YOUR_CLIENT_ID'; // Replace with your actual client ID
var clientSecret = 'YOUR_CLIENT_SECRET'; // Replace with your actual client secret
var user_id = 'USER_ID'; // Replace with the user's ID

// Step 1: Generate timestamp
var timestamp = Math.floor(Date.now() / 1000).toString();

// Step 2: Create the signature string
var sigString = clientId + timestamp + "sdk" + user_id;

// Step 3: Generate the HMAC-SHA256 signature
var signature = CryptoJS.HmacSHA256(sigString, clientSecret).toString().toUpperCase();

// The 'signature' can now be used to authenticate the SDK request

Updated about 1 month ago