URL signing

✍️ Protecting your sensitive data

A signed URL helps limit access from unauthorized third parties by providing limited permissions and time to make a request. Passing the signature parameter is mandatory if you're using the walletAddress or walletAddresses parameter and it must be appended at the end of the URL. If your widget URL contains sensitive information, we strongly recommend using the signature parameter.

You can generate a signature of the URL server-side and append it to the end of the URL. If the signature is provided, we'll check the validity of the query string to make sure it has not been altered. If the signature is invalid for any reason the MoonPay widget will fail to load.

How to sign URLs

When using the SDK, you'll need to

  1. Send your widget URL to your backend.
  2. Sign the URL with your secret key found in your MoonPay dashboard.
  3. Return the signature and update the SDK with it.
  4. Show the widget.

How to generate signatures

Compute an HMAC with a SHA-256 hash function. Use your secret API key as the key, and use the original query string as the message.

All query parameter values including the signature (not the entire query string) need to be URL encoded before generating the signature in order for it to be valid.

import crypto from 'crypto';

const originalUrl = 'https://buy-sandbox.moonpay.com?apiKey=pk_test_key&currencyCode=eth&walletAddress=0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae';

const signature = crypto  
  .createHmac('sha256', 'sk_test_key')  
  .update(new URL(originalUrl).search)  

const urlWithSignature = `${originalUrl}&signature=${encodeURIComponent(signature)}`;
$host = 'https://buy-sandbox.moonpay.com';
$query = '?apiKey=pk_test_key&currencyCode=eth&walletAddress=0xde0b295669a9fd93d5f28d9ec85e40f4cb697bae';

$signature  = base64_encode(hash_hmac('sha256', $query, 'sk_test_key', true));

echo $host . $query . "&signature=" . urlencode($signature);



Certain cloud providers and their API gateway may change the order of our parameters resulting in a failed signature validation.