Initiate Requests

Requests to the BasicEx Payment REST API follow RESTful conventions, using standard HTTP methods and status codes for various resource interactions, and returning JSON-formatted responses. The process of this exchange is greatly simplified by using BasicEx Payment Official SDKs.

Each request must include the following basic declaration in the HTTP headers:

Content-Type: application/json

API Authentication Mechanism & Request Headers

When using BasicEx Payment interfaces that require authentication (which includes most core business interfaces), your API requests must carry specific signature headers depending on the chosen authentication method.

Currently, BasicEx Payment supports the following two mainstream API authentication signature methods. You may choose one based on your business security focus:

Option A: Authentication using API Key (Suitable for regular integration, lightweight access)

When using API Key authentication, your HTTP Header must include:

X-Api-Key: The API Key value assigned to you in the Merchant Portal.
X-Signature: A Hexadecimal (Hex) string representing the HMAC-SHA512 hash of the data to be signed, calculated using the Secret Key associated with your API Key.

Option B: Authentication using Merchant API Certificate (Suitable for high-security core business)

When using an asymmetric encryption certificate for authentication, your HTTP Header must include:

X-Identity: The content of the Merchant API Public Key Certificate issued by the platform (with newline characters removed).
X-Signature: A Base64 encoded string representing the SHA256 with RSA signature of the data to be signed, calculated using the corresponding merchant private key (.key file).

Signing Your Requests & Detailed Guide

Regarding "how to construct the string to be signed", how the encryption algorithm processes it, and specific signature concatenation examples. Regardless of whether you choose the API Key or Merchant API Certificate, you must carefully review the algorithms and data formats according to the guide below:

👉 View the full: Signed Request & Underlaying Authentication Flow Guide

Initiate Your First Request

Once your authentication headers are prepared, send your HTTP request to the resource URI.

For example, to create an Invoice, your request might look like this:

http

POST /v2/invoices HTTP/1.1
Host: openapi.basicex.com
Content-Type: application/json
X-Api-Key: YOUR_API_KEY
X-Signature: YOUR_HMAC_HEX_SIGNATURE

{
  "orderNo": "2023082300001",
  ...
}

For more information on specific resource URLs and parameters, please visit the specific business resource documentation pages.

Initiate Requests ​

API Authentication Mechanism & Request Headers ​

Option A: Authentication using API Key (Suitable for regular integration, lightweight access) ​

Option B: Authentication using Merchant API Certificate (Suitable for high-security core business) ​