All API requests to Paywint must be made over HTTPS and authenticated using an API key. Include the API key in the request header as X-Platform-ID, and the HMAC-SHA256 signature in X-Signature. Learn how to generate signatures → The signature should be generated using your platform’s secret key and the canonical string format: METHOD + PATH + QUERY + BODY_HASH
Example Api Call
curl -X POST "https://<environment>/api/platform/users/create" \
  -H "Content-Type: application/json" \
  -H "X-Platform-ID: YOUR_API_KEY" \
  -H "X-Signature: GENERATED_SIGNATURE" \
  -d '{
    "name": "John Doe",
    "email": "john@example.com",
    "phone": "9876543210",
    "phone_country_code": "+1"
  }'
Make sure to use the correct API key for the appropriate environment. Using the wrong key or URL may result in authentication failures. Keep your API key secure and never expose it on the client side.
Alternatively, you can use the static signature in the sandbox environment: 8b3cb99a4b8e24fc7e01d0db635e2e47b80818144fe51400c6c6ae3ecbc84f47

How to generate signature

Learn how to generate secure request signatures using your platform’s secret key in our Signature Authentication Guide.
Need help? Reach out to support@paywint.com