Authentication
Signing the request
Request content is either query string of URL (parameters after ? sign) for GET queries and POST queries without body, or body of POST request if present.
clientId is used for authentication of user, while clientSecret for authorization and signatures
For example we will use the folowing clientId and clientSecret
Public ID
X-LP-clientId
It is used to identify the API of the Payment system.
Secret key
signature
It is used to sign API Requests of the Payment System.
Withdrawal request using HMAC-SHA256
curl -X POST \
'https://api.lemanpay.net/api/v1/account/withdrawal?Currency=USDT&Amount=10&Address=TPhw2JRiJ62troEKhzfFtCDPR7o5D87vSM&signature=749038abde362ac8327d9f09ec63ad74344102bedfed258f6fd75a18105ca1aa' \
-H 'X-LP-ClientId: ID-6c78b565a0434c869020cf44b457c4678d4ca75ea63a42539316ed91239e4747' Create P2P offer request using HMAC-SHA256
curl -X POST \
'https://api.lemanpay.net/api/v1/p2p/Offer?signature=e18764460a54333f6707d2fa23319d7d127ca09efaad3a1cbdbe82fb239ba5ef' -H "accept: text/plain" -H "Content-Type: application/json-patch+json" \
-d "{\"BaseCurrencyId\":1,\"QuoteCurrencyId\":15,\"Type\":\"Sell\",\"Expression\":\"BTC_IN_ETH*1.01\",\"TimeZone\":\"UTC+00:00\",\"MinimumLimit\":0.016,\"MaximumLimit\":8.01,\"TrackLiquidity\":true,\"PaymentWindow\":\"01:30:00\",\"KycVerificationRequired\":false,\"PhoneVerificationRequired\":false,\"EmailVerificationRequired\":false,\"Schedule\":[{\"DayOfWeek\":\"Sunday\",\"Start\":\"00:00\",\"End\":\"23:59\"},{\"DayOfWeek\":\"Monday\",\"Start\":\"00:00\",\"End\":\"23:59\"}],\"CountryId\":169,\"IsHidden\":false,\"IsEnabled\":true,\"IsDeleted\":false,\"IsBlocked\":false}"
-H 'X-LP-ClientId: ID-6c78b565a0434c869020cf44b457c4678d4ca75ea63a42539316ed91239e4747' We can improve the security of the signed requests by passing additional parameters timestamp and recvWindow to the query string. In this case they should be included in the sigature along with other paramaters.
Last updated