RemitPro - API International Remittance
  1. Getting Strated Guide
RemitPro - API International Remittance
  • Getting Strated Guide
    • 1. Overview
    • 2. High Level Flow
    • 3. Supported Corridors
    • 4. Authorization & Scope
    • 5. Handle Error
    • 6. Signature
    • 7. API Host
  • Test Scenario
  • API Reference (V1)
    • Authentication
      • Generate Token
      • Refresh Token
    • Master Data
      • Onboarding
        • Id Type Personal
        • Id Type Business
  1. Getting Strated Guide

6. Signature

Signature is used by RemitPro to verify that your request is not altered by attackers. The outline of the HMAC validation process is as follows:
1.
Retrieve Timestamp from HTTP Header (Date)
2.
Retrieve the API Key form HTTP Header (ClientSecret)
3.
Lookup the API Secret corresponding to the received key in internal store
4.
Retrieve client HMAC from HTTP Header (Signature)
5.
Calculate HMAC using the API Secret as the HMAC secret key
6.
Compare client HMAC with calculated HMAC

6.1 Generate Signature#

SHA-256 HMAC is used to generate the signature with your API secret as the key.
Signature = HashBase64Encode (HmacSHA256(StringToSign, hmacSecret)).
The StringToSign will be a colon-separated list derived from some request data as below:
StringToSign = "(request-target):" +" " + HTTPMethod + " " + RelativeUrl +"\n" + "date: " + FormatDate
Example StringToSign: (request-target): post /customer
date: 2020-02-03T10:00:00.000+07:00
And the result for generate signature put in variable Signature header as below:
RemitPro-Signature = "Signature KeyId=" + hmacKey + ",algorithm="hmac-sha256",headers="(request-target) date",signature="" + Signature + ""
Example result Signature data:
Signature
KeyId="5ed0eee4e661f9128fbcb02295b77f27c5c841438f0508e6a00b2a47",algorithm="hmac-
sha256",headers="(request-target)
date",signature="BLWYsI1XqbWSJ6nPhhnZmrlRm%2FKZJkzRkUuhW2a5td4%3D"

6.2 Sample Pre-request Script#

pm.sendRequest({
url: pm.environment.get("hostname") + "/authentication-server/oauth/token",
method: 'POST',
header: {
'Accept': 'application/json',
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': pm.environment.get("basicOAuth2")
},
body: {
mode: 'urlencoded',
urlencoded: [
{ Key: "grant_type", value: "client_credentials", disabled: false }
]
}
}, function (err, res) {
pm.globals.set("token", res.json().access_token);
console.log(res.json().access_token)
});
var randomNumber = Math.floor(Math.random() * (9999999999999999 - 100000 + 1)) + 100000;
var request = {
}
var body = JSON.stringify(request);
var replaceBody = body.replace(/\n/g, "").replace(/\r/g, "").replace(/\t/g, "").replace(/\s/g, "");
var digestBody = CryptoJS.SHA256(replaceBody);
var dateRequest = new Date().toGMTString();
var hmacKey = pm.environment.get("hmacKey");
var hmacSecret = pm.environment.get("hmacSecret");
var url = pm.request.url.getPathWithQuery();
var signatureContentString = "(request-target): post " + url + "\n";
signatureContentString = signatureContentString + "date: " + dateRequest;
//signatureContentString = signatureContentString + "RemitPro-digest: " + digestBody;
var hash = CryptoJS.HmacSHA256(signatureContentString, hmacSecret);
var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
var hashInBase64UrlEncoded = encodeURIComponent(hashInBase64);
var signature = 'Signature KeyId="' + hmacKey + '",algorithm="hmac-sha256",headers="(request-target) date",signature="' + hashInBase64UrlEncoded + '"';
postman.setGlobalVariable("digestBody", digestBody);
postman.setGlobalVariable("body", body);
postman.setGlobalVariable("dateRequest", dateRequest);
postman.setGlobalVariable("signature", signature);
Modified at 2025-08-28 03:11:11
Previous
5. Handle Error
Next
7. API Host
Built with