Signature Generation
The signature parameter protects On-Ramp widget URLs from forgery. It must be included in every On-Ramp request. It is not required for Off-Ramp operations.
How It Works
The signature is validated when the user selects a payment method. If the signature is missing or invalid, the user sees the "Signature is invalid" error and cannot proceed with the payment.
Signature Format
Concatenate four values without spaces:
address + secret + ip + merchant_transaction_id
Then compute a SHA-512 hash of that string and prefix it with v2:.
Parameters:
address — the user's cryptocurrency wallet address
secret — your widget's Secret key from the Dashboard (Widgets → select widget → Secret)
ip — the IP address of the user opening the widget
merchant_transaction_id — your internal transaction ID
Note:
address and merchant_transaction_id must also be present as URL parameters in the widget URL. If they're missing from the URL, signature validation will fail.
Code Examples
JavaScript (Node.js)
const crypto = require('crypto');

function generateSignature(address, secret, ip, merchantTransactionId) {
  // Concatenate the four values with no separators, then hash with SHA-512
  const data = `${address}${secret}${ip}${merchantTransactionId}`;
  const hash = crypto.createHash('sha512').update(data).digest('hex');
  return `v2:${hash}`;
}

// Example
const signature = generateSignature(
  '0x742d35Cc6634C0532925a3b844Bc454e4438f44e',
  'your_secret_key_123',
  '192.168.1.1',
  'tx_123456'
);
// Result: "v2:83a6473f7b0aade8cd794c38f435d8db..."
Python
import hashlib

def generate_signature(address: str, secret: str, ip: str, merchant_transaction_id: str) -> str:
    # Concatenate the four values with no separators, then hash with SHA-512
    data = f"{address}{secret}{ip}{merchant_transaction_id}"
    hash_value = hashlib.sha512(data.encode()).hexdigest()
    return f"v2:{hash_value}"

# Example
signature = generate_signature(
    '0x742d35Cc6634C0532925a3b844Bc454e4438f44e',
    'your_secret_key_123',
    '192.168.1.1',
    'tx_123456'
)
# Result: "v2:83a6473f7b0aade8cd794c38f435d8db..."
Go
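package main

import (
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

func generateSignature(address, secret, ip, merchantTransactionID string) string {
	// Concatenate the four values with no separators, then hash with SHA-512
	data := address + secret + ip + merchantTransactionID
	hash := sha512.Sum512([]byte(data))
	return fmt.Sprintf("v2:%s", hex.EncodeToString(hash[:]))
}

// Example, using the same sample values as the snippets above
func main() {
	fmt.Println(generateSignature(
		"0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
		"your_secret_key_123", "192.168.1.1", "tx_123456"))
}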
Result URL Example
https://exchange.mercuryo.io/?widget_id=YOUR_WIDGET_ID
&address=0x742d35Cc6634C0532925a3b844Bc454e4438f44e
&merchant_transaction_id=tx_123456
&signature=v2:83a6473f7b0aade8cd794c38f435d8db621149f206e8488ec99ab12edefc5d55d605384dc0b3cc947a93fd3bd4d0d210c6972fcf39fbb4dce893729ddf8ea825
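The following is an added example, not part of the original page or Mercuryo's own code: it builds the signed On-Ramp URL on the server and then recomputes the signature from the parameters actually present in the URL, which catches a missing or altered address or merchant_transaction_id before the user reaches the payment step. The helper names build_onramp_url and url_signature_matches are hypothetical, the input checks are an assumption about sensible hygiene rather than a documented requirement, and the sample values are the constructed ones used above.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import parse_qs, urlencode, urlsplit

WIDGET_BASE = "https://exchange.mercuryo.io/"  # host taken from the page's URL example


def generate_signature(address, secret, ip, merchant_transaction_id):
    # Same construction as the page: SHA-512 over the bare concatenation, "v2:" prefix.
    data = f"{address}{secret}{ip}{merchant_transaction_id}"
    return "v2:" + hashlib.sha512(data.encode()).hexdigest()


def build_onramp_url(widget_id, address, secret, client_ip, merchant_transaction_id):
    """Build a signed On-Ramp URL on the server; the secret never goes into the URL."""
    fields = {"widget_id": widget_id, "address": address,
              "merchant_transaction_id": merchant_transaction_id}
    for name, value in fields.items():
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has surrounding whitespace")
    ipaddress.ip_address(client_ip)  # raises ValueError unless it is a valid IP literal
    fields["signature"] = generate_signature(
        address, secret, client_ip, merchant_transaction_id)
    # safe=":" keeps the "v2:" prefix literal, as in the page's URL example.
    return WIDGET_BASE + "?" + urlencode(fields, safe=":")


def url_signature_matches(url, secret, client_ip):
    """Recompute the signature from the URL's own parameters (pre-flight check)."""
    query = parse_qs(urlsplit(url).query)
    try:
        address = query["address"][0]
        tx_id = query["merchant_transaction_id"][0]
        signature = query["signature"][0]
    except KeyError:
        return False  # a parameter the signature depends on is missing from the URL
    expected = generate_signature(address, secret, client_ip, tx_id)
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    # Constructed sample values, same as the page's examples.
    url = build_onramp_url("YOUR_WIDGET_ID", "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
                           "your_secret_key_123", "192.168.1.1", "tx_123456")
    print(url)
    print(url_signature_matches(url, "your_secret_key_123", "192.168.1.1"))
```

Because the IP is part of the signed string, the check only passes for the IP value that was used when the URL was built.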