# Authentication To use the Inqud API you need to get an API id and secret keys. Following steps explain how to get API token: 1. Sign up or log into Inqud's [app](https://app.inqud.com/). 2. Navigate to[ user settings](https://app.inqud.com/#/profile) and pass KYC process. 3. Ask your personal manager to get access to the API. 4. On the same page in the "API tokens" section click "Add API token". 5. Fill in the form on the modal window and click "Create API token". 6. After that you will be provided with "Token Id" and "Token Secret". 7. Now you all set! Please store the keys securely. If the credentials were compormised you can revoke it at any time on the same page. ## API Tokens in action Below you can find the request headers which are used for the token-based authentication: **Simple approach**: ``` X-Token-API-Id - Identifier of the token (started with TKN- prefix) X-Token-API-Secret - Token secret ``` **HmacSHA256**: ``` X-Token-API-Id - Identifier of the token (started with TKN- prefix) X-HMAC-SHA256-Signature - HMAC Signature X-Salt - Salt (nonce) ``` Signature = HmacSHA256 function of (Request body + salt) hashed by token secret in HEX For GET request just use "" as a body parameter ### Python Example Here is an example of how to get a balance with the signature of the request in python #### Secret token GET example ```python import requests id = 'TKN-6c1296b8-6929-443b-ac06-f732e0e27be1' secret = "dBajIp3wHnw5euxohPiZvsCEorG3Fhl9gsHl1UIBlsImHjWRdSJdp4Gh6e3y2PNs" headers = {} headers['X-Token-API-Id'] = id headers['X-Token-API-Secret'] = secret url = 'https://api.inqud.com/v1/user/wallet/balances' http_response = requests.get(url=url, headers=headers) print(str(http_response.content.decode())) ``` #### HmacSHA256 GET example ```python import hashlib import hmac import requests import secrets base_url = 'https://api.inqud.com' token_id = "TKN-6c1296b8-6929-443b-ac06-f732e0e27be1" token_secret = "dBajIp3wHnw5euxohPiZvsCEorG3Fhl9gsHl1UIBlsImHjWRdSJdp4Gh6e3y2PNs" salt = secrets.token_hex(32) data = '' data_s = data + salt dig = hmac.new(token_secret.encode('utf-8'), msg=data_s.encode('utf-8'), digestmod=hashlib.sha256).digest() signature = dig.hex() headers = {'X-Token-API-Id': token_id, 'X-HMAC-SHA256-Signature': signature, 'X-Salt': salt} url = base_url + '/v1/user/wallet/balances' http_response = requests.get(url=url, headers=headers) ``` #### HmacSHA256 POST example ```python import hashlib import hmac import requests import secrets import json base_url = 'https://api.inqud.com' token_id = "TKN-6c1296b8-6929-443b-ac06-f732e0e27be1" token_secret = "dBajIp3wHnw5euxohPiZvsCEorG3Fhl9gsHl1UIBlsImHjWRdSJdp4Gh6e3y2PNs" salt = secrets.token_hex(32) data = {"amount": 50, "cardNumber": "5555555555554444", "firstName": "John", "lastName": "Doe", "phoneNumber": "+111111111111", "method": "CC_VISAMC", "currency": "USD"} data_s = json.dumps(data) + salt dig = hmac.new(token_secret.encode('utf-8'), msg=data_s.encode('utf-8'), digestmod=hashlib.sha256).digest() signature = dig.hex() headers = { 'X-Token-API-Id': token_id, 'X-HMAC-SHA256-Signature': signature, 'X-Salt': salt } url = base_url + '/v1/user/payments/payout' http_response = requests.post(url=url, headers=headers, json=data) ```