Authentication
The Any.Money system API is based on the JSON-RPC remote procedure call
protocol with several limitations:
- notifications are not processed;
- batch queries/responses are not supported;
- all argument's values in the query are transmitted only in string (str) or boolean (bool) formats;
- the params field supports arguments transmission in the JSON object format, not as an array;
- if null is transmitted for the argument - the default value will be used. If the default is not defined, the
Any.Money system will return the corresponding exception.
Query organization
The API queries are sent to https://api.any.money/ endpoint.
The query must be signed. Merchant's data is transmitted in the headers.
Headers
- x-merchant - merchant's identifier;
- x-signature - hash signature of the query;
- x-utc-now-ms - query creation time, in milliseconds (utc timestamp).
Params
- method - the name of the query method;
- params - method parameters, formed of
key: value; - jsonrpc - specification version (always equals to "2.0");
- id - query identifier.
Signature
To authenticate a query, you need to sign it and transfer the signature in the x-signature header. The signature is generated by the HEX algorithm (HMAC-SHA512 (data, api_key)), where:
- data - a string, composed from the params object values. To form a string it is necessary to:
- sort params keys by alphabet;
- compose a string of their values, excepts for the nested objects and
null; - add the x-utc-now-ms header value to the end of the received line;
- cast a composed string to lowercase;
- api_key - merchant's key for interaction via API.
API query example
import hashlib
import hmac
import requests
import time
def sign_data(key: str, data: dict, utc_now: str) -> str:
if data: sorted_data = sorted(data.items())
else: sorted_data = {}
msg = ''.join(
str(v) for k, v in sorted_data
if not isinstance(v, (dict, list, type(None)))
) + str(utc_now)
msg = msg.lower()
return hmac.new(key.encode(), msg.encode(), hashlib.sha512).hexdigest()
data = {
"method": "balance",
"params": {"curr": "BTC"},
"jsonrpc": "2.0",
"id": "1"
}
MERCHANT = '1234'
API_KEY = 'your api_key here'
utc_now = str(int(time.time() * 1000))
headers = {
"x-merchant": MERCHANT,
"x-signature": sign_data(API_KEY, data.get('params') or {}, utc_now),
"x-utc-now-ms": utc_now
}
response = requests.post(url='https://api.any.money/', json=data, headers=headers)
<?php
function sign_data(string $key, array $data, string $utc_now) : string {
ksort($data);
$s = '';
foreach($data as $k=>$value) {
if (in_array(gettype($value), array('array', 'object', 'NULL')) ){
continue;
}
if(is_bool($value)){
$s .= $value ? "true" : "false";
} else {
$s .= $value;
}
}
$s .= $utc_now;
return hash_hmac('sha512', strtolower($s), $key);
}
$data = array(
"method" => "balance",
"params" => array("curr" => "BTC"),
"jsonrpc" => "2.0",
"id" => "1"
);
$MERCHANT = '1234';
$API_KEY = 'your api_key here';
$utc_now = strval(((int)round(microtime(true) * 1000)));
$data_string = json_encode($data);
$ch = curl_init('https://api.any.money/');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Content-Type: application/json',
'Content-Length: ' . strlen($data_string),
'x-merchant: ' . $MERCHANT,
'x-signature: ' . sign_data($API_KEY, $data['params'] ?: array(), $utc_now),
'x-utc-now-ms: ' . $utc_now)
);
$result = curl_exec($ch);
?>
System response options
In the case of correct query, the method execution result will be returned by the result key as a JSON object.
Method response
{
"result": {"UAH": "0"},
"id": "1",
"jsonrpc": "2.0",
}
- result
- method execution result
- id
- request ID of received response
- jsonrpc
- specification version (always equal to "2.0")
Otherwise, the code, message and the data of the occurred exception will be returned by the error key :
Exception
{
"error": {
"code": -32003,
"message": "EParamInvalid",
"data": {
"field": "externalid",
"value": "25"
}
},
"jsonrpc": "2.0",
"id": "R5822"
}
The data, returned in headers
- x-utc-now-ms
- response time, in milliseconds (utc timestamp)
- x-signature
- hash signature of the response