Overview

403 - Forbidden: This error occurs when the signature geenrated does not match the request body. It usually results from changing the request body after the signature generation.

{
    "success": false,
    "message": "Request was not verified."
}

Common Causes and Resolutions

  1. Modified Request Body After Signature Generation: The signature is generated based on the original request payload, but changes to the payload invalidate the signature.

    How To Resolve: Ensure the payload is finalized before generating the signature. If any changes are necessary, regenerate the signature to match the updated payload.

  2. Incorrect Parameters Passed During Signature Generation: If you opt to implement the [signature geenration using code], you need to check for the following:

    • For the request body used to generate the signature, ensure to include all the required fields for the specific api as outlined in the api reference
    • You need to include the “secret_id” as “senderKey” within the request body like this:
    {
    "sender": "Integration_title",
    "timestamp": "UNIX_timestamp",
    "salt": "random_salt_value",
    "client_id": "your_client_key_here",
    "senderKey": "your_secret_key_here",
    "params":{}
}
    • Ensure the payment method type field is supported based on the country selected. You can find the list of supported methods listed here: collections, disbursements
    • Ensure the callback_url field is not encoded while generating the hashed string in order for the generated signature to be reproduced from our end as well. For example, the hashed string should have the url section as: …&params.callback_url=https://example.com/callback_url&params.country_id=2

Best Practices

  • Generate Signatures After Finalizing the Payload:

    • Always create or update the signature after making any changes to the request payload.

  • Refer to Documentation:

If the issue persists, please contact our team at support@niobi.co.

Additional Resources