Authentication: Configuring Your Keys
Introduction
Before a merchant can start using the APIs or the SDK, an authentication secret must be generated. This secret differs between API and SDK usage.
Receiving keys
There are two sets of keys provided by Saber:
- Sandbox/Testing environment keys
- Production environment keys
Two pieces of information are provided to the merchant for each key:
- client_id
- client_secret
Using these, an authentication token is created by the merchant to authenticate requests.
Contact your Saber representative to get your keys.
Generating the authentication token
Use the following code to generate the X-Secret-Key
// Variables (these should be securely stored and handled)
var clientId = 'YOUR_CLIENT_ID'; // Replace with your actual client ID
var clientSecret = 'YOUR_CLIENT_SECRET'; // Replace with your actual client secret
// Step 1: Generate timestamp
var timestamp = Math.floor(Date.now() / 1000).toString();
// Step 2: Create the signature string
var sigString = clientId + timestamp; // When doing client operations (e.g. create a user)
// ------- OR -------
var sigString = clientId + timestamp + user_id; // When doing user operation (e.g. create OFFRAMP transaction)
// ------- OR -------
var sigString = clientId + timestamp + 'sdk' + user_id // When generating token for SDK access
// Step 3: Generate the HMAC-SHA256 signature
var signature = CryptoJS.HmacSHA256(sigString, clientSecret).toString().toUpperCase();
// The 'signature' can now be used to authenticate API requests
Updated 19 days ago