Signature

Generate HMAC hash signature to check that webhook is actually coming from BetEngine.

The Signature is calculated based on the timestamp, request body and your Secret Key with HMAC hash using SHA256 Algorithm.

Here is an example on how to generate the Signature for ticket_create action with Secret Key=12345ABCDE, timestamp=1706191612 and following request body:

{
    "action": "ticket_create",
    "data": {
        "operator": "acme",
        "ticket_id": "668ef666333180bba97f0c93",
        "ticket_code": "CD4BDD",
        "player_id": "sometokenvalue",
        "price": 500,
        "stake": 444,
        "wht_amount": 240,
        "wht": 10,
        "ext_amount": 56,
        "ext": 12.5,
        "ext_type": "inclusive",
        "gross_payout": 2842,
        "net_payout": 2602,
        "currency": "USD",
        "atag": "atag_value",
        "rtag": null,
        "ticket_type": "quickbet"
    }
}

In order to generate the Signature all spaces must be removed from the request body:

{"action":"ticket_create","data":{"operator":"acme","ticket_id":"668ef666333180bba97f0c93","ticket_code":"CD4BDD","player_id":"sometokenvalue","price":500,"stake":444,"wht_amount":240,"wht":10,"ext_amount":56,"ext":12.5,"ext_type":"inclusive","gross_payout":2842,"net_payout":2602,"currency":"USD","atag":"atag_value","rtag":null,"ticket_type":"quickbet"}}

Please note that the order of the fields matters for calculating the signature. It will always be action first then data. Fields in data must be in the same order they are listed on doc pages for actions.

Please note that optional fields, like atag or rtag will also be included in signature generation, even if they have null values. For example, if atag field has null value then it will be included in signature generation like so:

{...,"atag":null,...}

Then message for HMAC algorithm has to be formed using following template:

{timestamp}{request body with removed spaces}

So the message should look like the following:

1706191612{"action":"ticket_create","data":{"operator":"acme","ticket_id":"668ef666333180bba97f0c93","ticket_code":"CD4BDD","player_id":"sometokenvalue","price":500,"stake":444,"wht_amount":240,"wht":10,"ext_amount":56,"ext":12.5,"ext_type":"inclusive","gross_payout":2842,"net_payout":2602,"currency":"USD","atag":"atag_value","rtag":null,"ticket_type":"quickbet"}}

The computed Signature for this request is:

3fe37f41ba6dc960fd2a7098bd4643f971ff1408a31bcea9f3ef8d03b3ba2d0a

A free online HMAC Generator for testing is available on https://www.freeformatter.com/hmac-generator.html#before-output.

Here is how we calculated the Signature from above example using Free Formatter

Your Secret Key is located on your API Settings page. Login to Betstack to access your Secret Key

Secret Key is locate in API Settings profile page
PreviousHeadersNextPing

Last updated