# Getting Started for Partner Onboarding on the IPPA for Partners is a **"server-to-server"** communication. We have provided a list of endpoints to make the integration and onboarding seamless. Below is the description of how to authenticate with our endpoints and a list of endpoints needed to successfully onboard. ### Authentication A one time link will be sent to the email of the partner upon sign up to retrieve “public key, private key and Partner ID. {% hint style="warning" %} This is a one time link. If you mistakenly close the link, use this to regenerate new credentials. Onboarding Endpoints api/v1/no-auth/PartnerP2P/OnboardPartner {% endhint %} #### PUBLIC KEY - pk\_*partner\_*xxx In every request, your public key will be added to the authorization header as a bearer token when making a request to your System. #### SECRET KEY OF PARTNER - sk\_*partner\_*xxx When Intrapay is making a request to the Partner’s server, we use the Partner’s secret Key to generate “Digital Signature” which is attached to the request body as “Signature Key”. Also note that the Partner is expected to do the same except for Order Creation & Order Notification as explained below #### SECRET KEY OF MERCHANT - sk\_*merchant\_*xxx The secret key of the merchant and the secret key of the partner *(for example, concat string:- \[sk\_merchant\_xxx+''+sk\_partner\_xxx] )* is used to generate the digital signature that is attached to the request body when making the following request: * 1\. Create an order on Intraypay by partner * 2\. Send Order Notification to Partner Order Notification URL {% hint style="warning" %} Also, note that the public key of the partner will / should always be added as an authorization header when making requests to intrapay {% endhint %} #### DIGITAL SIGNATURE SHA-512 is the encryption algorithm used; signed with the SECRET KEY(s) for all requests body. {% hint style="warning" %} Also, note that the signature key in the request body is ignored during the signing of the request body {% endhint %} Digital signatures are compared as an integrity test. You compare it when we post callback to you and we compare when you create an order. what is compared is the signed body without the signature field ### Partner Onboarding Endpoints {% hint style="danger" %} Please call this endpoint once. To add extra currency go to you intrapay dashboad and add subaccount for more currencies. {% endhint %} ## This endpoint is to register a partner `POST` `https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/OnboardPartner.` Partner's Public, Secret Keys, and partners ID will be sent to Partner email as a one-time link. #### Headers | Name | Type | Description | | ---------------------------------------------- | ------ | ---------------- | | Content-Type\* | String | application/json | #### Request Body | Name | Type | Description | | ----------------------------------------------- | ------ | ----------------------------- | | partner\_code\* | String | a code signifying the partner | | email\* | String | email of the partner | {% tabs %} {% tab title="200: OK " %} {% endtab %} {% endtabs %} ### Example request- Code. {% tabs %} {% tab title="Nodejs" %} ```javascript const fetch = require('node-fetch'); fetch("https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/OnboardPartner", { "method": "POST", "headers": { "Content-Type": "application/json", "cookie": "connect.sid=s%253AoNBPv4ez8npeuKVKlS9KwX_1Dshiamlf.n8opjPuoF3XsU%252Be0VTLMUe6xzeAXmpCfQrpW9KW1KDs" }, "body": { "partner_code": "Binance", "email": "sample@example.com" } }) .then(response => console.log(response)) .catch(err => console.error(err)); ``` {% endtab %} {% tab title="cURL" %} ``` curl "https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/OnboardPartner" \ -H 'Content-Type: application/json' \ -X POST \ -b 'connect.sid'='s%3AoNBPv4ez8npeuKVKlS9KwX_1Dshiamlf.n8opjPuoF3XsU%2Be0VTLMUe6xzeAXmpCfQrpW9KW1KDs' \ -d '{ "partner_code": "Binance", "email": "sample@example.com" }' ``` {% endtab %} {% endtabs %} {% hint style="info" %} After onboarding on the partner onboarding endpoint, you have to provide the IPs for your system. As the IPs need to whitelisted on our system. {% endhint %} ### IP Capture & Whitelisting ## This endpoint is used to capture your IPs for Whitelisting. Just post any data to it and we would know your IP and whitelist for you. `POST` `https://staging-exchanger-api.fuspay.finance/test-ip-connection/` {% tabs %} {% tab title="200: OK " %} {% endtab %} {% endtabs %} ### ### Regenerate Partners Pub/Priv Keys ## This endpoint is used by partners to regenerate their keys `POST` `https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/OnboardPartner./` A One time reset link is sent to the partner email address to regenerate the keys **Old keys becomes invalid** #### Headers | Name | Type | Description | | ----------------------------------------------- | ------ | ------------------------ | | Content-type\* | String | application/json | | Authorization\* | String | Bearer pk\_partner\_xxxx | #### Request Body | Name | Type | Description | | ----------------------------------------------- | ------ | ---------------------------------------------- | | email\* | String | | | signature\* | String | sha512-req-body-signed-with-sk\_partner\_xxxxx | | partner\_code\* | String | the partner code used on partner onboarding | {% tabs %} {% tab title="200: OK " %} {% endtab %} {% endtabs %} #### Example Request- Code {% tabs %} {% tab title="Node" %} ```javascript const fetch = require('node-fetch'); fetch("https://exchanger-api.fuspay.finance/api/v1/no-auth/PartnerP2P/GenKeysForPartner", { "method": "POST", "headers": { "Content-Type": "application/json", "Authorization": "Bearer pk_partner_xxxx", }, "body": { "email": "sample@example.com", "partner_code":"", "signature": "sha512-req-body-signed-with-sk_partner_xxxxx" } }) .then(response => console.log(response)) .catch(err => console.error(err)); ``` {% endtab %} {% endtabs %} ###