# Authentication

### Signing the request

**Request content** is either query string of URL (parameters after ? sign) for GET queries and POST queries without body, or body of POST request if present.

**clientId** is used for authentication of user, while **clientSecret** for authorization and signatures

For example we will use the folowing clientId and clientSecret

| Public ID  | <p>X-LP-clientId<br></p> | It is used to identify the API of the Payment system.  |
| ---------- | ------------------------ | ------------------------------------------------------ |
| Secret key | <p>signature <br></p>    | It is used to sign API Requests of the Payment System. |

Withdrawal request using HMAC-SHA256

```
  curl -X POST \
  'https://api.lemanpay.net/api/v1/account/withdrawal?Currency=USDT&Amount=10&Address=TPhw2JRiJ62troEKhzfFtCDPR7o5D87vSM&signature=749038abde362ac8327d9f09ec63ad74344102bedfed258f6fd75a18105ca1aa' \
  -H 'X-LP-ClientId: ID-6c78b565a0434c869020cf44b457c4678d4ca75ea63a42539316ed91239e4747'       
```

Create P2P offer request using HMAC-SHA256

```

  curl -X POST \
  'https://api.lemanpay.net/api/v1/p2p/Offer?signature=e18764460a54333f6707d2fa23319d7d127ca09efaad3a1cbdbe82fb239ba5ef' -H  "accept: text/plain" -H  "Content-Type: application/json-patch+json" \
  -d "{\"BaseCurrencyId\":1,\"QuoteCurrencyId\":15,\"Type\":\"Sell\",\"Expression\":\"BTC_IN_ETH*1.01\",\"TimeZone\":\"UTC+00:00\",\"MinimumLimit\":0.016,\"MaximumLimit\":8.01,\"TrackLiquidity\":true,\"PaymentWindow\":\"01:30:00\",\"KycVerificationRequired\":false,\"PhoneVerificationRequired\":false,\"EmailVerificationRequired\":false,\"Schedule\":[{\"DayOfWeek\":\"Sunday\",\"Start\":\"00:00\",\"End\":\"23:59\"},{\"DayOfWeek\":\"Monday\",\"Start\":\"00:00\",\"End\":\"23:59\"}],\"CountryId\":169,\"IsHidden\":false,\"IsEnabled\":true,\"IsDeleted\":false,\"IsBlocked\":false}"
  -H 'X-LP-ClientId: ID-6c78b565a0434c869020cf44b457c4678d4ca75ea63a42539316ed91239e4747'       
```

We can improve the security of the signed requests by passing additional parameters timestamp and recvWindow to the query string. In this case they should be included in the sigature along with other paramaters.