โ†—๏ธRequests

Making Subsequent API Requests

When making API requests, it is essential to include specific headers to ensure both the identification of your tenant account and the security of your requests. Each request must include the following headers:

1. API Key: 'x-api-key'

  • API Keys are provided by TygaPay support. This key must be included in every API request to identify your tenant account.

2. API Hash: 'x-api-hash'

  • To maintain the security and integrity of your API requests, you must sign your requests using HMAC SHA256. This signature must be included in every API request. Below, we provide instructions on how to create an x-api-hash:

๐Ÿ”Authentication
import axios, { AxiosInstance } from "axios";
import { URL } from "url";
import qs from "qs";
import crypto from "crypto";

class TygaPaySandbox {
  async runExamples() {
    // Store this in a secure place.
    const apiKey = "your-api-key";
    const apiSecret = "your-api-secret-key";

    const service = new TygaPayService(apiKey, apiSecret);

    // 1. GET EXAMPLE
    const user = await service.getUserByUserId("test");
    console.log(user);

    // 2. POST EXAMPLE
    const order = await service.createOrder({
      orderNumber: "order-example-1",
      type: "payment",
      email: "example@gmail.com",
      amount: 100,
      notifyUrl: "https://example.com/payment-webhook",
      returnUrl: "https://example.com/payment-completed",
    });
    console.log(order);
  }
}

/**
 * Refer to the API documentation here: https://tygapay.github.io/docs/
 */
export class TygaPayService {
  private readonly client: AxiosInstance;

  /**
   * Initializes a new instance of the TygaPayService.
   * @param apiKey The API key used for authenticating API requests.
   * @param apiSecret The secret key used for signing API requests.
   */
  constructor(apiKey: string, private apiSecret: string) {
    this.client = axios.create({
      headers: {
        "Content-Type": "application/json",
        "x-api-key": apiKey,
      },
    });
  }

  /**
   * POST EXAMPLE
   * Creates a new order in the TygaPay system.
   * @param request The order details.
   * @returns The API response.
   */
  public async createOrder(request: {
    orderNumber: string;
    type: "payment" | "deposit";
    email: string;
    amount: number;
    notifyUrl: string;
    returnUrl: string;
  }) {
    const url = "https://orders-v1-api-rdqehkur6a-ey.a.run.app/orders";
    return this.processApiRequest("POST", url, request);
  }

  /**
   * GET EXAMPLE
   * Retrieves a user by their user ID from TygaPay.
   * @param userId The user's unique identifier.
   * @returns The user's details.
   */
  public async getUserByUserId(userId: string) {
    const url = `https://users-v1-api-rdqehkur6a-ey.a.run.app/user?userId=${userId}`;
    return this.processApiRequest("GET", url);
  }

  /**
   * Processes an API request to TygaPay.
   * @param method The HTTP method (POST, GET, PUT, DELETE).
   * @param url The endpoint URL.
   * @param body The request payload, if any.
   * @returns The API response as a generic type T.
   */
  public async processApiRequest<T>(
    method: "POST" | "GET" | "PUT" | "DELETE",
    url: string,
    body?: any
  ): Promise<T> {
    try {
      const apiPath = this.extractApiPath(url);
      const signature = this.signApiRequest(body, apiPath);
      const response = await this.client.request({
        method,
        url,
        data: body,
        headers: {
          "x-api-hash": signature,
        },
      });
      return response.data as T;
    } catch (error) {
      console.error("TygaPay API request failed", error);
      throw error;
    }
  }

  /**
   * Extracts the API path from a URL.
   * @param url The full URL.
   * @returns The extracted path and query string.
   */
  private extractApiPath(url: string) {
    const parsedUrl = new URL(url);
    const apiPath = `${parsedUrl.pathname}${parsedUrl.search}`;
    console.log(`Parsed URL: ${apiPath}`);
    return apiPath;
  }

  /**
   * Signs an API request by generating a hash signature.
   * @param body The request payload.
   * @param apiPath The API path.
   * @returns The signature string.
   */
  private signApiRequest(body: any, apiPath: string) {
    const bodyQueryString = qs.stringify(body, {
      encode: false,
      delimiter: "&",
      allowDots: true,
    });
    console.log(bodyQueryString);

    const stringToSign = apiPath + bodyQueryString;
    const signature = crypto
      .createHmac("sha256", this.apiSecret)
      .update(stringToSign)
      .digest("hex");

    return signature;
  }
}

new TygaPaySandbox().runExamples();

Last updated