API Security

Overview

Iris Hub API uses dual authentication mechanism:

API Key - Partner identification
HMAC-SHA256 Signature - Request integrity verification

Both API Key and Signature Key are provided by Iris.

Authentication Headers

All API requests must include these HTTP headers:

X-API-Key: API key provided by Iris
X-Signature: HMAC-SHA256 signature of request body

Signature Generation

Algorithm: HMAC-SHA256(requestBody, signatureKey) Format: Uppercase hexadecimal string

Implementation Examples

JavaScript/Node.js

const crypto = require('crypto');

function generateSignature(requestBody, signatureKey) {
    return crypto.createHmac('sha256', signatureKey)
                 .update(requestBody)
                 .digest('hex')
                 .toUpperCase();
}

using System.Security.Cryptography;
using System.Text;

public static string GenerateSignature(string requestBody, string signatureKey)
{
    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(signatureKey)))
    {
        var hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(requestBody));
        return Convert.ToHexString(hashBytes);
    }
}

Request Example

POST /api/LaunchGame HTTP/1.1
Content-Type: application/json
X-API-Key: YourApiKeyFromIris
X-Signature: D9F9EEDB58EC4D88CCDAC96FC3D1AA146D2C9C9E52BFB1CABE77EAFF67C96CE7

{"traceId":"12345","playerId":"player001","currency":"USD"}

Test Case

Input:

Body: {"traceId":"23289jfjk902","playerId":"nexid","currency":2,"language":"EN","gameCode":"mines","deviceType":0,"iFrame":false,"returnUrl":"https://google.com/nexmines","merchantId":"1PK","demoAccount":true}
Signature Key: TestSignatureKey

Expected Signature: D9F9EEDB58EC4D88CCDAC96FC3D1AA146D2C9C9E52BFB1CABE77EAFF67C96CE7

PreviousIris Hub Seamless Wallet API Document (For Operators)NextAPIs Required by IRIS

Last updated 7 months ago

Good morning

hashtagOverview

hashtagAuthentication Headers

hashtagSignature Generation

hashtagImplementation Examples

hashtagRequest Example