Authentication: Signature Generation

How to generate the API signature used to authenticate different API calls

Introduction

Before a merchant can start using the APIs or the SDK, an authentication secret must be generated. This secret differs between API and SDK usage.

Receiving keys

There are two sets of keys provided by Saber:

  1. Sandbox/Testing environment keys
  2. Production environment keys

Two pieces of information are provided to the merchant for each key:

  • API Key (client_id)
  • API Secret (client_secret)

Using these, an authentication token (API Signature) is created by the merchant to authenticate requests.

Contact your Saber representative to get your keys.

Generating the authentication token

Use the following code to generate the X-Secret-Key:

// Requires the crypto-js library (Node.js shown; in a browser, load crypto-js via a script tag instead)
var CryptoJS = require('crypto-js');

// Variables (these should be securely stored and handled)
var clientId = 'YOUR_API_KEY'; // Replace with your actual API Key
var clientSecret = 'YOUR_API_SECRET'; // Replace with your actual client secret
var user_id = 'USER_ID'; // Replace with the user's ID (only needed for the user-specific forms below)

// Step 1: Generate timestamp (Unix time in seconds, as a string)
var timestamp = Math.floor(Date.now() / 1000).toString();

// Step 2: Create the signature string. Use exactly ONE of the three forms below.
var sigString = clientId + timestamp; // When doing client admin operations (e.g. create a user)
// ------- OR -------
// var sigString = clientId + timestamp + user_id; // When doing user operation for a specific user (e.g. create OFFRAMP transaction)
// ------- OR -------
// var sigString = clientId + timestamp + 'sdk' + user_id; // When generating token for web-widget access

// Step 3: Generate the HMAC-SHA256 signature (uppercase hex)
var signature = CryptoJS.HmacSHA256(sigString, clientSecret).toString().toUpperCase();

// The 'signature' can now be used to authenticate API requests
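
The same three signature forms using Node.js's built-in crypto module instead of CryptoJS, as an added example (not Saber's own code). The mode labels 'admin', 'user' and 'sdk', the function names, the environment variable names and the sample values are assumptions made for this illustration.

```javascript
// Added example, not part of Saber's documentation or SDK.
const nodeCrypto = require('node:crypto');

// Signature-string layouts from the three cases above.
// The mode labels ('admin', 'user', 'sdk') are names invented for this example.
function buildSigString(mode, clientId, timestamp, userId) {
  if (mode === 'admin') return clientId + timestamp;
  if (mode !== 'user' && mode !== 'sdk') throw new Error('unknown mode: ' + mode);
  if (!userId) throw new Error('mode "' + mode + '" requires a userId');
  return mode === 'user'
    ? clientId + timestamp + userId
    : clientId + timestamp + 'sdk' + userId;
}

// Returns the Unix-seconds timestamp that was signed and the uppercase hex signature.
function generateSignature({ mode, clientId, clientSecret, userId, now = Date.now() }) {
  if (!clientId || !clientSecret) throw new Error('clientId and clientSecret are required');
  const timestamp = Math.floor(now / 1000).toString();
  const signature = nodeCrypto
    .createHmac('sha256', clientSecret)
    .update(buildSigString(mode, clientId, timestamp, userId), 'utf8')
    .digest('hex')
    .toUpperCase();
  return { timestamp, signature };
}

// Constant-time comparison of two hex signatures, for local self-tests or mocks.
function signaturesEqual(hexA, hexB) {
  const a = Buffer.from(String(hexA), 'hex');
  const b = Buffer.from(String(hexB), 'hex');
  return a.length > 0 && a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Constructed sample credentials; real ones belong in a secret store or environment
// variable (SABER_API_KEY / SABER_API_SECRET are hypothetical names), not in source.
const creds = {
  clientId: process.env.SABER_API_KEY || 'demo-api-key',
  clientSecret: process.env.SABER_API_SECRET || 'demo-api-secret',
};
for (const mode of ['admin', 'user', 'sdk']) {
  const { timestamp, signature } = generateSignature({ ...creds, mode, userId: 'user-123' });
  console.log(mode.padEnd(5), timestamp, signature);
}
```

The timestamp returned alongside the signature is the exact value that was signed, so reuse it rather than generating a new one when assembling the request.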

The earlier header names X-CLIENT-ID (client id) and X-CLIENT-SECRET (generated signature) have been replaced as follows:

X-CLIENT-ID is now X-API-KEY

X-CLIENT-SECRET is now X-SIGNATURE

You might find the older reference in some documentation. While we suggest you use the new headers, both will work properly as these are backwards compatible.