The Customer API is a REST via HTTPS interface. You can use it to create a new customer (investor) entity in our system, to save their KYC data, request wallet openings, whitelist customers (= authorize them to hold a specific token) and to send order data.
ℹ️ For API clients, integrating with our Customers API is the minimum level of integration required, since customers / investors cannot be created manually in our system.
As a prerequisite to the NYALA API integration, you must already have built the following functions in your interface:
An API endpoint to transmit AML/KYC data, the Investor’s investment amount and number of tokens to NYALA.
An interface to display crypto wallet information (e.g. a link to view wallet in the blockchain explorer).
An interface (e.g. a digital postbox) to share mandatory registry extracts with your Investors.
The following steps detailed in this chapter’s sub-pages must be followed in order.
IMAGE
Skipping a step of the process will likely result in an error.
This API uses HMAC (Hash-based Message Authentication Code) for security. Every request must include an Authorization header containing a signature generated using your Secret Key.
| Header | Value |
|---|---|
Authorization | HMAC <API_KEY>:<SIGNATURE> |
Content-Length | The byte length of the request body |
The signature is a Base64 encoded HMAC-SHA256 hash. The "message" to be signed is constructed by concatenating the following strings in order:
- Content Length: The length of the request body (or "0" if empty).
- HTTP Method: (e.g.,
GET,POST,PATCH). - Normalized URL: The full URL, converted to lowercase, with the
?removed.
You can use this logic in your frontend or Node.js applications:
const msg = `${contentLength || 0}${method}${url.replace("?", "").toLowerCase()}`;
const hmac = CryptoJS.HmacSHA256(msg, apiSecret);
const signature = CryptoJS.enc.Base64.stringify(hmac);
const authHeader = `HMAC ${apiKey}:${signature}`;