PayPay performs authentication based on a hash value using the API key and API key secret.
Please write the headers based on the examples and specifications described below.
HMAC authentication for POST API "create a code"
<API endpoint used>
/v2/codes
<Authentication information>
API key: sample_key
API secret: sample_secret
nonce: fedaa4
Epoc:1743138611
contentType: application/json
<Request body>
{
"merchantPaymentId": "TEST_QR_Payment",
"amount": {
"amount":10,
"currency": "JPY"
},
"codeType": "ORDER_QR",
"isAuthorization":false,
"redirectUrl":"https://about.paypay.ne.jp/",
"redirectType":"WEB_LINK"
}
<Hash generated based on the above information>
MLxlUQr2VdWLJeFBlUgm6g==
<HMAC header generated based on the above information>
hmac OPA-Auth:sample_key:MJHYLgd2tS40b8br2KDNGrZ8ADNpK/BkmnZhXNcVH/Y=:fedaa4:1743138611:MLxlUQr2VdWLJeFBlUgm6g==HMAC authentication for GET API "Get payment details"
<API endpoint used>
/v2/codes/payments/{merchantPaymentId}
<Authentication information>
API key: sample_key
API secret: sample_secret
nonce:a360e2
Epoc:1743139337
bodyHash: empty
contentType: empty
<Request body>
None
<merchantPaymentID used>
TEST_merchantPaymentID
<HMAC header generated based on the above information>
hmac OPA-Auth:sample_key:4GBwHd1rzZ5CrMRieDW/jDQcvOCeVhg4bBx4iZ6Hzw0=:a360e2:1743139337:emptyFor details about HMAC authentication, please refer to the following document.
https://www.paypay.ne.jp/opa/doc/jp/v1.0/api_authorization.html