Skip to main content

Description

Using this API, you can interact with M4 payment platform: accept payments, make payments and perform other operations supported by the platform. API runs over HTTP(S) protocol and uses JSON format to exchange data. All API requests must use UTF-8 encoding and specify the Content-Type: application/json header. Each request must be signed, the signature generation process is described below, in the Request signature section. We use the ISO 8601 standard as the date and time formats, if the time zone is not specified, then UTC+03:00 is assumed.

Request signature

Request signature

Every API request must be signed so that we can identify your account. The signature is transferred in the request body through the sign parameter, for example:
All further request examples do not include the "sign" parameter, nevertheless your real requests must include it in the request body where required. Signature line is generated according to the following algorithm: all request parameters involved in signature generation are ordered in the alphabetical order of keys, the values are concatenated with a colon (”:”) and the account secret key is added at the end (without the colon), a sha256 hash is generated from the resulting line and its hex representation is passed in the sign request parameter.
Signature line is generated according to the following algorithm: all request parameters involved in signature generation are ordered in the alphabetical order of keys, the values are concatenated with a colon (”:”) and the account secret key is added at the end (without the: sign), a sha256 hash is generated from the resulting line and its hex representation is passed in the sign request parameter.

Example of signature generation for a method invoice/create:

  1. Determining the list of parameters. It looks as follows for the method in consideration:
  • shop_id
  • shop_order_id
  • amount
  • currency
  • payway
  1. Let’s sort keys in alphabetical sequence: "amount", "currency", "payway", "shop_id", "shop_order_id"
  2. The line for generating the SHA256 hash will be as follows: 6320.91:840:card_invoice_usd:1520:5b0efa8a-153b-4421-abac-2aba4d772a86account-secret-key" Where account-secret-key is the secret identification key for your account. You can request a key from the support service.
  3. Let’s get a hash expression of the generated line using Python code:
string\_to\_sign = '6320.91:840:card\_invoice\_usd:1520:5b0efa8a-153b-4421-abac-2aba4d772a86account-secret-key' import hashlib sign = hashlib.sha256(string\_to\_sign.encode()).hexdigest() print(sign) '77a6f7a30876d480d4e771d08cb83800dd5cb874664c77e515ffc052b20293c6'