# Parent Platforms

Create your HMAC Secret and `POST` to Branta:

## Adding payments

> Adds a new payment to Branta. Expires after ttl seconds.\
> \
> \*\*HMAC Authentication:\*\* When the API key has a parent platform, HMAC validation is required. The HMAC signature is computed as follows:\
> 1\. Create a message string: \`{METHOD}|{URL}|{BODY}|{TIMESTAMP}\`\
> 2\. Generate HMAC-SHA256 signature using the parent platform's API secret\
> 3\. Include the signature in the \`X-HMAC-Signature\` header\
> 4\. Include the timestamp in the \`X-HMAC-Timestamp\` header\
> \
> The timestamp must be within 30 minutes of the current time to prevent replay attacks.

```json
{"openapi":"3.0.0","info":{"title":"Branta API","version":"2"},"servers":[{"url":"https://staging.guardrail.branta.pro/v2","description":"Staging is meant for pre-production workflows"}],"paths":{"/payments":{"post":{"summary":"Adding payments","description":"Adds a new payment to Branta. Expires after ttl seconds.\n\n**HMAC Authentication:** When the API key has a parent platform, HMAC validation is required. The HMAC signature is computed as follows:\n1. Create a message string: `{METHOD}|{URL}|{BODY}|{TIMESTAMP}`\n2. Generate HMAC-SHA256 signature using the parent platform's API secret\n3. Include the signature in the `X-HMAC-Signature` header\n4. Include the timestamp in the `X-HMAC-Timestamp` header\n\nThe timestamp must be within 30 minutes of the current time to prevent replay attacks.","parameters":[{"in":"header","name":"Authorization","required":true,"schema":{"type":"string"},"description":"`Authorization` header with Bearer token is required to authorize the request. Format: `Bearer {your_api_key}`. This API key is unique to each client and must be included in the header of every request. Failure to provide a valid API key will result in an unauthorized error.\n\nKeep your API key confidential."},{"in":"header","name":"X-HMAC-Timestamp","required":true,"schema":{"type":"string","format":"int64"},"description":"Unix timestamp in seconds. Must be within 30 minutes of the current time to prevent replay attacks."},{"in":"header","name":"X-HMAC-Signature","required":true,"schema":{"type":"string"},"description":"HMAC-SHA256 signature of the request. The signature is computed using the parent platform's API secret and includes the HTTP method, URL, request body, and timestamp."}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PaymentRequest"}}}},"responses":{"201":{"description":"Payment created successfully"},"401":{"description":"Unauthorized - Invalid API key or HMAC validation failed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Unauthorized"}}}},"422":{"description":"Unprocessable Content","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UnprocessableContent"}}}}}}}},"components":{"schemas":{"PaymentRequest":{"type":"object","properties":{"destinations":{"type":"array","items":{"type":"object","properties":{"value":{"type":"string","description":"The payable address."},"zk":{"type":"boolean","description":"If the provided value is encrypted or not. <b>Note</b>: value must be pre-encrypted with `AES-GCM` when this option is set to true."}},"required":["value"]}},"ttl":{"type":"integer","description":"Branta will remove the payment after ttl seconds."},"description":{"type":"string"},"metadata":{"type":"string","description":"Optional stringified JSON to show the user."}},"required":["destinations","ttl"]},"Unauthorized":{"type":"object","properties":{"error":{"type":"string"}}},"UnprocessableContent":{"type":"object","properties":{"destinations":{"type":"string"},"ttl":{"type":"string"}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.branta.pro/tech-and-setup/parent-platforms.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.