API Documentation
  • Introduction
  • Getting Started
  • Signature
  • Bet Card API
    • Calculator
      • Finance details
    • Jackpot
      • Get Jackpot Cards
      • Get Jackpot Card by code
      • Pick Jackpot Bets
    • Quicktip
      • Get Quicktip Cards
      • Get Quicktip Card by code
    • Smartbet
      • Get Smartbert cards
      • Get Smartbet Card by code
      • Generate a Smartbet
    • Quickbet
      • Get Quickbet Cards
      • Get Quickbet Card by code
    • Superbet
      • Get Superbet Cards
      • Get Superbet Card by code
  • Bet Engine API
    • Headers
    • Create ticket endpoint
      • Quicktip
      • Smartbet
      • Quickbet
      • Superbet
      • Jackpot
    • Reserve ticket endpoint
      • Quicktip
      • Smartbet
      • Quickbet
      • Superbet
      • Jackpot
    • Paid ticket endpoint
    • Get ticket endpoint
    • Get ticket list endpoint
    • Fields
    • Error codes
  • PAM Platform API
    • Headers
    • Signature
    • Ping
    • Identify
    • Create a ticket
    • Reserve the ticket
    • Update the ticket
    • Close the ticket
    • Refund the ticket
    • Win the ticket
    • Lose the ticket
    • Void the ticket
    • Discard the ticket
    • Rollback the ticket
  • SMS notifications
    • Headers
    • Signature
    • Notification types
      • otp
      • ticket_status
      • bet_result (not supported)
  • API Docs
    • [api /bc] Bet Card
    • [api /be] Bet Engine
Powered by GitBook
On this page

Signature

Generate HMAC hash signature to access Betstack APIs

Some APIs require signature in incoming requests (like BetEngine API).

The Signature is calculated based on the timestamp, request body and your Secret Key with HMAC hash using SHA256 Algorithm.

Here is an example on how to generate the Signature for create /ticket request with Secret Key=12345ABCDE, timestamp=1706090303 and following request body:

{
    "operator": "site",
    "token": "UnIqUe-ToKeN",
    "price": 5000,
    "currency": "KES",
    "atag": "affiliate-1",
    "source": "mobile",
    "type": "superbet",
    "event": 100001,
    "bets": [101, 102, 103, 104, 105, 106]
}

In order to generate the Signature all spaces must be removed from the request body:

{"operator":"site","token":"UnIqUe-ToKeN","price":5000,"currency":"KES","atag":"affiliate-1","source":"mobile","type":"superbet","event":100001,"bets":[101,102,103,104,105,106]}

Please note that the order of the fields matters for calculating the signature. Fields must be in the same order they are listed on doc pages for requests.

Please note that optional fields, like atag must also be included in signature generation, even if they have null values. For example, if atag field has null value then it must be included in signature generation like so:

{...,"atag":null,...}

Then message for HMAC algorithm has to be formed using following template:

{timestamp}{request body with removed spaces}

Please note that for requests that have no body, like GET requests, above template will only consist of {timestamp}.

So the message should look like the following:

1706090303{"operator":"site","token":"UnIqUe-ToKeN","price":5000,"currency":"KES","atag":"affiliate-1","source":"mobile","type":"superbet","event":100001,"bets":[101,102,103,104,105,106]}

The computed Signature for this request is:

f99aee9f77eef1ee8b64c78e7f8612e3234f03cce5fecdebd7ea27f2b9081423

A free online HMAC Generator for testing is available on https://www.freeformatter.com/hmac-generator.html#before-output.

Here is how we calculated the Signature from above example using Free Formatter

Your Secret Key is located on your API Settings page. Login to Betstack to access your Secret Key

PreviousGetting StartedNextBet Card API

Last updated 8 months ago

Secret Key is locate in API Settings profile page