Authentication

To start working with the Rampnow API, all clients must authenticate themselves.

Generate app tokenCopied!

An app token is a secure method of communication with our API. You can create an app token in the Partner Dashboard.

Make requestsCopied!

All requests must contain the following headers:

X-RAMPNOW-API-KEY — an API Key that you generate in the Dashboard.

X-RAMPNOW-SIGN — a request signature in the HEX format. The signature is case insensitive.

X-RAMPNOW-TIMESTAMP — number of seconds since Unix Epoch in UTC.

Attention

All API queries must be sent over HTTPS; plain HTTP will be refused. You must include your auth headers in all requests.

Sign requestsCopied!

The value of the X-RAMPNOW-SIGN header is generated with the sha256 HMAC algorithm using a secret key (Secret key is generated in the merchant Dashboard as part of API key creation) on the bytes obtained by concatenating the following information:

  • A timestamp (value of the X-RAMPNOW-TIMESTAMP header) taken as a string.

  • An HTTP method name in upper-case, e.g. GET or POST.

  • URI of the request without a host name, starting with a slash and including all query parameters, e.g. /api/partner/v1/ext/ramp_order/quote?srcCurrency=USD&dstCurrency=BTC

  • Request body, taken exactly as it will be sent. If there is no request body, e.g., for GET requests, do not include it.

Your timestamp must be within 1 minute of the API server time. Make sure the time on your server is correct.

Examples of how you can sign your requests:

message = timestamp + 'POST' + url_path + body
hmac_message = hmac.digest(SECRET_KEY.encode(), message.encode(), hashlib.sha256)

Python Example

import time
import base64
import hashlib
import hmac
import json
import requests

SECRET_KEY = 'api-secret-key'
API_KEY = 'api-key'
base_url = 'https://api.rampnow.io' 
path = '/api/partner/v1/ext/ramp_order/quote'

payload_data = {
    "orderType": "buy",  
    "srcAmount": "100.0",  
    "srcCurrency": "EUR",
    "srcChain": "fiat",  
    "dstChain": "ethereum", 
    "dstCurrency": "ETH", 
    "paymentMode": "card", 
    "apiKey": API_KEY,
    "walletAddress": "0x6782f3309EAE59BbffbE87d9f3d4117298861468", 
    "walletAddressTag": "",  
    "externalOrderId": "ajsdiauhdiqw7e78322wrnbjsahd", 
}

payload = json.dumps(payload_data)

timestamp = str(int(time.time()))
message = timestamp + 'POST' + path + payload
signature = base64.b16encode(hmac.digest(SECRET_KEY.encode(), message.encode(), hashlib.sha256)).decode().lower()

headers = {
    'X-RAMPNOW-API-KEY': API_KEY,
    'X-RAMPNOW-SIGN': signature,
    'X-RAMPNOW-TIMESTAMP': timestamp,
    'Content-Type': 'application/json'
}

url = base_url + path

response = requests.post(url, headers=headers, data=payload)

print(response.status_code, response.text)