Discussions

Discussions

Ask a Question
Back to All

I getting Signature error all the time, but I think code is right

29 days ago by Egor Goncharov

Description: I am experiencing a persistent "Signature error" when submitting payment requests to the AEON API endpoint. I believe my backend and frontend code align with the API requirements for generating a valid signature, but I continue to receive an error with code: 8007.

Here’s an overview of my code implementation for generating the signature and submitting the request:

Backend Code for Signature Generation: 

const jsonData = `{
    "appId": "${process.env.AEON_APPID}",
    "callbackURL": "https://website.com/aeon/callback",
    "redirectURL": "https://t.me/bot?startapp",
    "merchantOrderNo": "${aeon_order_id}",
    "orderAmount": "${price}",
    "payCurrency": "USD",
    "userId": "${username}",
    "tgModel": "MINIAPP"
}`;  
const resultMap = JSON.parse(jsonData);  
const secret = process.env.AEON_SECRET;  
const result = SHAEncrypt(resultMap, secret);  
resultMap.sign = result;

function SHAEncrypt(data, secret) {  
    let dataString = Object.keys(data)  
        .sort()  
        .map(key => `${key}=${data[key]}`)  
        .join('&');  
    dataString = dataString + `&key=${secret}`;  
    return createHmac('sha512', secret)  
        .update(dataString)  
        .digest('hex')  
        .toUpperCase();  
}

Frontend Code for Submitting Request:

let resSign = {  
    appId: 'appid',  
    callbackURL: '<https://website.com/aeon/callback',  
    redirectURL: '<https://t.me/bot?startapp',  
    merchantOrderNo: order_id,  
    orderAmount: price,  
    payCurrency: 'USD',  
    userId: username,  
    tgModel: 'MINIAPP',  
    sign: '2A97A92690CB0FB0DDEA22DEE9DA1A5B5092304EC70335C08B650119C68FF95FDF54330CA9B5B4A3D3790810E18C0297B9B197D802719E67B86AEB2D06013158'  
};  
const responseAeon = await fetch('https://sbx-crypto-payment-api.aeon.xyz/open/api/tg/payment/V2', {  
    method: 'POST',  
    headers: {  
        'Accept': 'application/json',  
        'Content-Type': 'application/json'  
    },  
    body: JSON.stringify(resSign)  
});

{  
    "code": "8007",  
    "error": true,  
    "msg": "Signature error",  
    "success": false,  
    "traceId": "672933a9e4bc059fa1a63bd30f2595b7"  
}

Could you please review my code and provide guidance on what might be causing the signature verification to fail?