CryptoBilling Documentation Help

Authorization

All methods of this API use same authentication method. It's flow is similar to API-Key authentication

Obtaining API Authorization Keys

You can obtain the API keys in your personal account in the "API Keys" section.

API Request Authorization

Authorization is accomplished by sending the following headers in the request:

Header

Value

Format

Mandatory

X-Processing-Key

The API public key that you received in your personal account

guid(36)

true

X-Processing-Timestamp

Timestamp in milliseconds when the request was created and sent

long

true

X-Processing-RecvWindow

The number of milliseconds after the timestamp during which the request is valid

integer

false

X-Processing-Signature

Request data, signed with the HMAC-SHA512 secret key, the secret key is also obtained in the personal account

base64_string

true

Calculation of request data signature value with the secret key in the [X-Processing-Signature] header

  1. Form the signable request data into a string by concatenating the parts of the request in the following order:

    header_value('X-Processing-Timestamp') + header_value('X-Processing-RecvWindow')? + http_method() + http_query_url + http_query_body?

  2. Calculate the value of the request data signature as a byte sequence:

    signature = hmac_sha512(key=secretKey, data=signingData)

  3. Pass the request data signature value in base64 encoding in the X-Processing-Signature header:

    signatureBase64 = base64_encode(signature)

Example

apiPublicKey (guid w/o hyphens)

d93b40983c61423c9a849956bf1c3549

apiSecretKey (base64string)

KTxbhABQWghHHkeOFUAUFIb8u9S2rr0nVklG7/x9EtXKdq9sELhhfYbdsTL1QGK5DWsjrxzTeAP2Zf/hrkv3ZK210fmU/ld30avXEzjHCeBoxYXPCjuTEWtkiFHEOfBczL85rFsLeu0fGZVFmOmnihnMTVbkjmgcSqfYWcpKKYE=

  1. Form a signable string from the values of parts of the request. The resulting signable string looks like:

    14998273203506000POST/v1/channels/take{"currencyShortName":"USDT","transportProtocol":"trc20","foreignId":"user-007"}

  2. Convert this string to bytearray using UTF-8 Encoding

    3134393938323733323033353036303030504f53542f76312f6368616e6e656c732f74616b657b2263757272656e637953686f72744e616d65223a2255534454222c227472616e73706f727450726f746f636f6c223a227472633230222c22666f726569676e4964223a22757365722d303037227d

  3. Convert apiSecretKey to bytearray from base64string

    293c5b8400505a08471e478e1540141486fcbbd4b6aebd27564946effc7d12d5ca76af6c10b8617d86ddb132f54062b90d6b23af1cd37803f665ffe1ae4bf764adb5d1f994fe5777d1abd71338c709e068c585cf0a3b93116b648851c439f05cccbf39ac5b0b7aed1f19954598e9a78a19cc4d56e48e681c4aa7d859ca4a2981

  4. Calculate signature using HMACSHA512 method using data bytes as input data from #2 and key bytes as key data from #3

    99e42b99bf324e740adcf253c466a41bbd62515a55c60c5c8f9077d07ed73e16a83f47a2455d8944165b824e6fc22a94bf9b2719c29aa68bac2271ed9ff46876

  5. Convert signature bytes from #4 to base64string

    meQrmb8yTnQK3PJTxGakG71iUVpVxgxcj5B30H7XPhaoP0eiRV2JRBZbgk5vwiqUv5snGcKapousInHtn/Rodg==

  6. Execute the request, passing all the necessary data in the headers (including the request body):

    curl -X POST "https://api.cryptobilling.com/api/v1/channels/take" \ -H "Content-Type: application/json" \ -H "X-Processing-Key: d93b40983c61423c9a849956bf1c3549" \ -H "X-Processing-Signature: meQrmb8yTnQK3PJTxGakG71iUVpVxgxcj5B30H7XPhaoP0eiRV2JRBZbgk5vwiqUv5snGcKapousInHtn/Rodg==" \ -H "X-Processing-Timestamp: 1499827320350" \ -H "X-Processing-RecvWindow: 6000" \ -d '{"currencyShortName":"USDT","transportProtocol":"trc20","foreignId":"user-007"}' \
14 November 2025
API ReferenceTransactions status model