Parent Platforms

For businesses that facilitate other businesses in accepting bitcoin.

Create your HMAC Secret and POST to Branta:

Adding payments

post

Adds a new payment to Branta. Expires after ttl seconds.

HMAC Authentication: When the API key has a parent platform, HMAC validation is required. The HMAC signature is computed as follows:

Create a message string: {METHOD}|{URL}|{BODY}|{TIMESTAMP}
Generate HMAC-SHA256 signature using the parent platform's API secret
Include the signature in the X-HMAC-Signature header
Include the timestamp in the X-HMAC-Timestamp header

The timestamp must be within 30 minutes of the current time to prevent replay attacks.

Header parameters

AuthorizationstringRequired

Authorization header with Bearer token is required to authorize the request. Format: Bearer {your_api_key}. This API key is unique to each client and must be included in the header of every request. Failure to provide a valid API key will result in an unauthorized error.

Keep your API key confidential.

X-HMAC-Timestampstring · int64Required

Unix timestamp in seconds. Must be within 30 minutes of the current time to prevent replay attacks.

X-HMAC-SignaturestringRequired

HMAC-SHA256 signature of the request. The signature is computed using the parent platform's API secret and includes the HTTP method, URL, request body, and timestamp.

Body

Responses

201

Payment created successfully

401

Unauthorized - Invalid API key or HMAC validation failed

application/json

422

Unprocessable Content

application/json

post

/payments

POST /v1/payments HTTP/1.1
Host: staging.branta.pro
Authorization: text
X-HMAC-Timestamp: text
X-HMAC-Signature: text
Content-Type: application/json
Accept: */*
Content-Length: 112

{
  "payment": {
    "payment": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
    "ttl": "86400",
    "alt_payments": [
      "lnbc....",
      "bc1q..."
    ]
  }
}

No content

PreviousKey Rotation NextGuardrail Design

Last updated 14 days ago

hashtagAdding payments

Adding payments