Authentication Code Examples

Below are very simple examples of secret key signature authentication implementations of authentication in a couple of different languages.

Each example is annotated with todo notes that you must address before the code is usable. Examples contain at least an HTTP JSON API call with a signature against the Wyre production API (the testwyre.com environment URI is commented out but included).

Feel free to also check out our Postman collection here for a suite of requests to all of our endpoints.

PHP

<?php
    function make_authenticated_request($endpoint, $method, $body) {
        // $url = 'https://api.testwyre.com'; // todo use this endpoint for testwyre environment
        $url = 'https://api.sendwyre.com';
      
        // todo please replace these with your own keys for the correct environment
        $api_key = "AK-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA";
        $secret_key = "SK-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA";

        $timestamp = floor(microtime(true)*1000);
        $request_url = $url . $endpoint;

        if(strpos($request_url,"?"))
            $request_url .= '&timestamp=' . sprintf("%d", $timestamp);
        else
            $request_url .= '?timestamp=' . sprintf("%d", $timestamp);

        if(!empty($body))
            $body = json_encode($body, JSON_FORCE_OBJECT);
        else
            $body = '';

        $headers = array(
            "Content-Type: application/json",
            "X-Api-Key: ". $api_key,
            "X-Api-Signature: ". calc_auth_sig_hash($secret_key, $request_url . $body)
        );
        $curl = curl_init();

        if($method=="POST"){
          $options = array(
            CURLOPT_URL             => $request_url,
            CURLOPT_POST            =>  true,
            CURLOPT_POSTFIELDS      => $body,
            CURLOPT_RETURNTRANSFER  => true);
        }else {
          $options = array(
            CURLOPT_URL             => $request_url,
            CURLOPT_RETURNTRANSFER  => true);
        }
        curl_setopt_array($curl, $options);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
        $result = curl_exec($curl);
        curl_close($curl);
        var_dump($result);
        return json_decode($result, true);
    }

    function calc_auth_sig_hash($seckey, $val) {
        $hash = hash_hmac('sha256', $val, $seckey);
        return $hash;
    }

    // try to retrieve the current account
    echo make_authenticated_request("/v2/account", "GET", array());

    // perform a transfer
    $transfer = array(
      "sourceCurrency"=>"USD",
      "dest"=>"account:AC-XXXXXXXX", // replace with your account ID
      "sourceAmount"=> "100.50",
      "destCurrency"=> "BTC",
      "message"=> "convert USD to bitcoin"
      );
    echo make_authenticated_request("/v2/transfers", "POST", $transfer);
?>

C#

using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Linq;
using Newtonsoft.Json.Linq;
using Newtonsoft.Json;

namespace testauthwyre
{
    class MainClass
    {
        public static void Main(string[] args)
        {
            WyreApi wyre = new WyreApi();

            HttpWebResponse accountResponse = wyre.Get("/v2/account");

            Console.WriteLine(GetResponseBody(accountResponse));

            Dictionary<string, object> body = new Dictionary<string, object>();
            body.Add("sourceCurrency", "USD");
            body.Add("destCurrency", "BTC");
            body.Add("sourceAmount", "50.50");
            body.Add("dest", "account:AC-XXXXXX"); // todo use your real account ID here
            HttpWebResponse transferResponse = wyre.Post("/v2/transfers", body);

            Console.WriteLine(GetResponseBody(transferResponse));
        }

        private static string GetResponseBody(HttpWebResponse response)
        {
            return JObject.Parse(new StreamReader(response.GetResponseStream()).ReadToEnd()).ToString(Formatting.Indented);
        }
    }

    public class WyreApi
    {
        private const String domain = "https://api.sendwyre.com";
        // private const String domain = "https://api.testwyre.com"; // todo use this endpoint for Wyre's testing environmnemt
      
        // todo replace these with your api private and secret keys
        private const String apiKey = "AK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";
        private const String secKey = "SK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";

        public HttpWebResponse Get(string path)
        {
            return Get(path, new Dictionary<string, object>());
        }

        public HttpWebResponse Get(string path, Dictionary<string, object> queryParams)
        {
            return Request("GET", path, queryParams);
        }

        public HttpWebResponse Post(string path, Dictionary<string, object> body)
        {
            return Request("POST", path, body);
        }

        private HttpWebResponse Request(string method, string path, Dictionary<string, object> body)
        {
            Dictionary<string, object> queryParams = new Dictionary<string, object>();

            if (method.Equals("GET"))
                queryParams = body;

            queryParams.Add("timestamp", DateTimeOffset.UtcNow.ToUnixTimeMilliseconds());

            string queryString = queryParams.Aggregate("", (previous, current) => previous + "&" + current.Key + "=" + current.Value).Remove(0, 1);

            string url = domain + path + "?" + queryString;

            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Method = method;
            request.ContentType = "application/json";
            request.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;

            if (!method.Equals("GET"))
            {
                url += JsonConvert.SerializeObject(body);
                using (StreamWriter writer = new StreamWriter(request.GetRequestStream()))
                    writer.Write(JsonConvert.SerializeObject(body));
            }

            request.Headers["X-Api-Key"] = apiKey;
            request.Headers["X-Api-Signature"] = CalcAuthSigHash(secKey, url);

            try 
            {
                return (HttpWebResponse)request.GetResponse();
            }
            catch(WebException e) 
            {
                string msg = new StreamReader(e.Response.GetResponseStream()).ReadToEnd();
                Console.WriteLine(msg);
                throw new SystemException(msg);
            }
        }

        private byte[] GetBytes(string str)
        {
            return Encoding.UTF8.GetBytes(str);
        }

        private string GetString(byte[] bytes)
        {
            return BitConverter.ToString(bytes);
        }

        private String CalcAuthSigHash(string key, string value)
        {
            HMACSHA256 hmac = new HMACSHA256(GetBytes(key));
            string hash = GetString(hmac.ComputeHash(GetBytes(value))).Replace("-", "");
            return hash;
        }
    }
}

Java

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.Integer;
import java.lang.String;
import java.lang.StringBuffer;
import java.net.HttpURLConnection;
import java.net.URL;

public class TestAuth {
  public static void main(String[] args) {
    // todo replace with your actual credentials
    String apiKey = "AK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";
    String secretKey = "SK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA";

    // String baseUrl = "https://api.testwyre.com"; // todo use this for Wyre's testing environment 
    String baseUrl = "https://api.sendwyre.com";
    String data = "";

    String result = executeWyreRequest(baseUrl + "/v2/account", "", "GET", apiKey, secretKey);
    System.out.println(result);
    
    // todo encode request data - you probably want to use a JSON serialization library such as Jackson for this!
    data = "{" +
        "  \"dest\": \"account:AC-XXXXX\"," + // todo replace with your account ID
        "  \"destCurrency\": \"USD\"," +
        "  \"sourceCurrency\" : \"BTC\"," +
        "  \"sourceAmount\" : \"1\"," +
        "  \"message\": \"$1 worth of bitcoin!\"" +
        "}";
    result = executeWyreRequest(baseUrl + "/v2/transfers", data, "POST", apiKey, secretKey);

    System.out.println(result);
  }

  public static String executeWyreRequest(String targetURL, String requestBody, String method, String apiKey, String secretKey) {
    URL url;
    HttpURLConnection connection = null;
    try {

      targetURL += ((targetURL.indexOf("?")>0)?"&":"?") + "timestamp=" + System.currentTimeMillis();

      //Create connection
      url = new URL(targetURL);
      connection = (HttpURLConnection)url.openConnection();
      connection.setRequestMethod(method);
      System.out.println(connection.getRequestMethod());

      connection.setRequestProperty("Content-Type", "application/json");
      connection.setRequestProperty("Content-Length", Integer.toString(requestBody.getBytes().length));

      // Provide API key and signature
      connection.setRequestProperty("X-Api-Key", apiKey);
      connection.setRequestProperty("X-Api-Signature",computeSignature(secretKey,targetURL,requestBody));

      //Send request
      if(method.equals("POST")) {
        connection.setDoOutput(true);
        connection.setRequestMethod(method);

        DataOutputStream wr = new DataOutputStream(
            connection.getOutputStream());

        wr.write(requestBody.getBytes("UTF-8"));
        wr.flush();
        wr.close();
      }

      //Get Response
      InputStream is;
      if (connection.getResponseCode() < HttpURLConnection.HTTP_BAD_REQUEST) {
        is = connection.getInputStream();
      } else {

        is = connection.getErrorStream();
      }

      BufferedReader rd = new BufferedReader(new InputStreamReader(is));
      String line;
      StringBuffer response = new StringBuffer();
      while((line = rd.readLine()) != null) {
        response.append(line);
        response.append('\r');
      }
      rd.close();
      return response.toString();

    } catch (Exception e) {

      e.printStackTrace();
      return null;

    } finally {

      if(connection != null) {
        connection.disconnect();
      }
    }
  }

  public static String computeSignature(String secretKey, String url, String reqData) {

    String data = url + reqData;

    System.out.println(data);

    try {
      Mac sha256Hmac = Mac.getInstance("HmacSHA256");
      SecretKeySpec key = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256");
      sha256Hmac.init(key);

      byte[] macData = sha256Hmac.doFinal(data.getBytes("UTF-8"));

      String result = "";
      for (final byte element : macData){
        result += Integer.toString((element & 0xff) + 0x100, 16).substring(1);
      }
      return result;

    } catch (Exception e) {
      e.printStackTrace();
      return "";
    }
  }
}

Ruby

require 'uri'
require 'net/http'
require 'digest/hmac'
require 'json'

class WyreApi
  # todo replace these with your real Wyre credentials
  ACCOUNT_ID = 'AC-XXXXXXX'
  API_KEY = 'AK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA'
  SEC_KEY = 'SK-AAAAAAAA-AAAAAAAA-AAAAAAAA-AAAAAAAA'
  API_URL = 'https://api.sendwyre.com'
  # API_URL = 'https://api.testwyre.com' # todo use this for Wyre's testing environment

  def create_transfer options
    api_post '/v2/transfers', options
  end

  private

  def api_post path, post_data = {}
    params = {
      'timestamp' => (Time.now.to_i * 1000).to_s
    }

    url = API_URL + path + '?' + URI.encode_www_form(params)

    headers = {
      'X-Api-Key' => API_KEY,
      'X-Api-Signature' => calc_auth_sig_hash(url + post_data.to_json.to_s)
    }

    uri = URI API_URL
    Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
      http.request_post(url, post_data.to_json.to_s, headers) do |res|
        response = JSON.parse res.body
        raise response['message'] if res.code != '200'
        return response
      end
    end
  end

  def calc_auth_sig_hash url_body
    return Digest::HMAC.hexdigest url_body, SEC_KEY, Digest::SHA256
  end
end

api = WyreApi.new
api.create_transfer({'sourceAmount'=>50,'sourceCurrency'=>'USD','dest'=>'account:' + ACCOUNT_ID, 'destCurrency'=>'BTC', 'message'=>'buy some bitcoin')