Authentication

The Ingo Banking Platform API uses the same HMAC-SHA512 request signing as all Ingo Payments products. The signature construction process is identical across all Ingo APIs.

Your HMAC credentials are provisioned by your Ingo integration manager at onboarding. The secret is used locally to sign requests and is never transmitted.

See the IngoPay API Authentication page for the complete step-by-step signature construction guide, full HTTP request example, and common error reference.

Authorization header format

hmac username="{username}", algorithm="hmac-sha512", headers="{header_string}", signature="{signature}"

Required headers

Header	Description
`X-Date`	Current timestamp in GMT/RFC 1123 format. ±300s clock skew allowed.
`Content-sha512`	Base64-encoded SHA-512 hash of the raw request body (RAW output, not hex).
`Content-Length`	Byte length of the request body.
`Content-Type`	Always `application/json`.
`Authorization`	HMAC-SHA512 signature header (constructed last).

Environments

Environment	Base URL
Sandbox	`https://payapi-sandbox.ingo.money`
Production	`https://payapi.ingo.money`

Banking Platform note

The Banking Platform API is currently in beta. Credentials and environment access are issued directly by your Ingo integration manager. Contact your integration manager to request access.

Banking Platform Overview

Quick Start

⌘I

Authorization header format
Required headers
Environments
Banking Platform note

Overview

Onboarding

Accounts

Cards

Move Money

Webhooks

Authorization header format

Required headers

Environments

Banking Platform note

Overview

Onboarding

Accounts

Cards

Move Money

Webhooks

Documentation Index

​Authorization header format

​Required headers

​Environments

​Banking Platform note

Authorization header format

Required headers

Environments

Banking Platform note