Appearance
Authentication
Every API request must include an auth object for authentication.
Auth Object
json
{
"auth": {
"id": 123,
"key": 1706360400000,
"hash": "a1b2c3d4e5f6..."
}
}Fields
| Field | Type | Description |
|---|---|---|
id | integer | Your Point of Sale ID (provided by manager) |
key | integer | Incremental number, must be greater than previous request |
hash | string | MD5 hash of concatenated id + token + key |
Hash Generation
The hash is calculated as: md5(id + token + key)
id— Your Point of Sale ID (integer)token— Your secret token (provided by manager)key— Current timestamp in milliseconds (or any incremental number)
Important
The key must always be greater than in the previous request. If you need to reset your key, contact [email protected].
Code Examples
bash
#!/bin/bash
ID=123
TOKEN="your-secret-token"
KEY=$(date +%s%3N) # Current timestamp in milliseconds
# Concatenate and generate MD5 hash
HASH=$(echo -n "${ID}${TOKEN}${KEY}" | md5sum | cut -d' ' -f1)
echo "id: $ID"
echo "key: $KEY"
echo "hash: $HASH"
# Example curl request
curl -X POST https://api.paynet.one/balance \
-H "Content-Type: application/json" \
-d "{
\"auth\": {
\"id\": $ID,
\"key\": $KEY,
\"hash\": \"$HASH\"
}
}"php
<?php
class PaynetAuth
{
private int $id;
private string $token;
public function __construct(int $id, string $token)
{
$this->id = $id;
$this->token = $token;
}
public function generate(): array
{
$key = round(microtime(true) * 1000);
$hash = md5($this->id . $this->token . $key);
return [
'id' => $this->id,
'key' => $key,
'hash' => $hash
];
}
}
// Usage
$auth = new PaynetAuth(123, 'your-secret-token');
$authData = $auth->generate();python
import hashlib
import time
class PaynetAuth:
def __init__(self, id: int, token: str):
self.id = id
self.token = token
def generate(self) -> dict:
key = int(time.time() * 1000)
hash_string = f"{self.id}{self.token}{key}"
hash_value = hashlib.md5(hash_string.encode()).hexdigest()
return {
'id': self.id,
'key': key,
'hash': hash_value
}
# Usage
auth = PaynetAuth(123, 'your-secret-token')
auth_data = auth.generate()javascript
import crypto from 'crypto';
class PaynetAuth {
constructor(id, token) {
this.id = id;
this.token = token;
}
generate() {
const key = Date.now();
const hashString = `${this.id}${this.token}${key}`;
const hash = crypto.createHash('md5').update(hashString).digest('hex');
return {
id: this.id,
key,
hash
};
}
}
// Usage
const auth = new PaynetAuth(123, 'your-secret-token');
const authData = auth.generate();csharp
using System.Security.Cryptography;
using System.Text;
public class PaynetAuth
{
private readonly int _id;
private readonly string _token;
public PaynetAuth(int id, string token)
{
_id = id;
_token = token;
}
public (int id, long key, string hash) Generate()
{
long key = DateTimeOffset.UtcNow.ToUnixTimeMilliseconds();
string hashString = $"{_id}{_token}{key}";
using var md5 = MD5.Create();
byte[] hashBytes = md5.ComputeHash(Encoding.UTF8.GetBytes(hashString));
string hash = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
return (_id, key, hash);
}
}
// Usage
var auth = new PaynetAuth(123, "your-secret-token");
var (id, key, hash) = auth.Generate();Security Notes
Never expose your token in client-side code or public repositories.
Use HTTPS only — All API requests must be made over HTTPS.
IP Whitelist — Contact your manager to whitelist your server IP addresses.
Key increments — The
keymust always increase. Using timestamps ensures this naturally.