> For the complete documentation index, see [llms.txt](https://readme.streampayments.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://readme.streampayments.io/readme/documentation/gettings-started/configuracion.md). # Configuración ## ⚙️ Configuración Inicial ### **Requisitos Previos** 1. **RUC activo** del comercio 2. **Representante legal** con poderes vigentes ### **Entornos Disponibles** | Entorno | URL Base PAYIN | URL Base PAYOUT | | -------------- | ----------------------------------------------------- | --------------------------------------------------------------- | | **Sandbox** | `https://dev.api.inflow.streampayments.io/api/v1/trx` | `https://dev.api.outflow.streampayments.io/spay-connect/api/v1` | | **Producción** | `https://api.inflow.streampayments.io/api/v1/trx` | `https://api.outflow.streampayments.io/spay-connect/api/v1` | ### **Credenciales** Después del onboarding recibirás: **Para PAYIN y PAYOUT:** * `x-api-key`: Clave API del comercio * `x-api-secret`: Secreto para firma HMAC * `secretKey`: Clave única del comercio para algoritmo HMAC *** ## 🔐 Autenticación ### **Autenticación HMAC SHA256 (Unificada)** Ambos productos (PAYIN y PAYOUT) utilizan el mismo método de autenticación HMAC SHA256. #### **Generación de Firma - Método General** ```javascript const CryptoJS = require('crypto-js'); // Credenciales del comercio const apiKey = "TU_API_KEY"; const apiSecret = "TU_API_SECRET"; const secretKey = "TU_SECRET_KEY_UNICO"; // Único por comercio const timestamp = Date.now(); // Campos variables según producto (ver tabla de diferencias) const operationId = "ID_OPERACION"; // merchantOperationId o transactionId const amount = "10.00"; const currency = "PEN"; // Crear mensaje para firma const message = `${apiKey}-${apiSecret}-${timestamp}-${operationId}-${amount}-${currency}`; // Generar HMAC SHA256 const hmac = CryptoJS.HmacSHA256(message, secretKey); const signature = CryptoJS.enc.Base64.stringify(hmac); // Headers requeridos (iguales para ambos productos) const headers = { 'Content-Type': 'application/json', 'x-api-key': apiKey, 'x-api-secret': apiSecret, 'x-timestamp': timestamp.toString(), 'x-signature': signature }; ``` #### **Diferencias por Producto** | Campo | PAYIN | PAYOUT | Descripción | | ------------------- | --------------------- | --------------- | --------------------------------- | | **ID de Operación** | `merchantOperationId` | `transactionId` | Campo que identifica la operación | #### **Ejemplo Específico PAYIN** ```javascript // Datos específicos para PAYIN const merchantOperationId = Math.floor(Math.random() * 100000000000000); const amount = "1.00"; const currency = "PEN"; // Mensaje para firma PAYIN const message = `${apiKey}-${apiSecret}-${timestamp}-${merchantOperationId}-${amount}-${currency}`; ``` #### **Ejemplo Específico PAYOUT** ```javascript // Datos específicos para PAYOUT (extraídos del request body) const transactionId = "9700000009"; const amount = "10.00"; const currencyCode = "PEN"; // Mensaje para firma PAYOUT const message = `${apiKey}-${apiSecret}-${timestamp}-${transactionId}-${currency}-${amount}`; ``` ### 🔑 Resumen de Autenticación #### **Método Único para Ambos Productos** | Aspecto | Valor | | ------------------------- | --------------------------------------------------------- | | **Algoritmo** | HMAC SHA256 | | **Headers** | `x-api-key`, `x-api-secret`, `x-timestamp`, `x-signature` | | **Secret Key** | Único por comercio | | **Estructura de Mensaje** | `apiKey-apiSecret-timestamp-operationId-amount-currency` | #### **Headers Comunes** ```javascript const headers = { 'Content-Type': 'application/json', 'x-api-key': 'TU_API_KEY', 'x-api-secret': 'TU_API_SECRET', 'x-timestamp': timestamp.toString(), 'x-signature': signature_base64 }; ``` #### **Proceso de Validación** 1. **Extraer** credenciales del comercio (apiKey, apiSecret, secretKey único) 2. **Obtener** datos de la operación según el producto 3. **Construir** mensaje en formato: `apiKey-apiSecret-timestamp-operationId-amount-currency` 4. **Generar** HMAC SHA256 con el secretKey único del comercio 5. **Codificar** en Base64 6. **Incluir** en header `x-signature` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://readme.streampayments.io/readme/documentation/gettings-started/configuracion.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.