Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.ingopayments.com/llms.txt

Use this file to discover all available pages before exploring further.

Notify — Managed Parties uses the same HMAC-SHA512 request signing as all Ingo Payments products. The signature construction process is identical across all Ingo APIs.
Your HMAC credentials are provisioned by your Ingo integration manager at onboarding. The secret is used locally to sign requests and is never transmitted.
See the IngoPay API Authentication page for the complete step-by-step signature construction guide, full HTTP request example, and common error reference.

Authorization header format

hmac username="{username}", algorithm="hmac-sha512", headers="{header_string}", signature="{signature}"

Required headers

HeaderDescription
X-DateCurrent timestamp in GMT/RFC 1123 format. ±300s clock skew allowed.
Content-sha512Base64-encoded SHA-512 hash of the raw request body (RAW output, not hex).
Content-LengthByte length of the request body.
Content-TypeAlways application/json.
AuthorizationHMAC-SHA512 signature header (constructed last).

Environments

EnvironmentBase URL
Sandboxhttps://payapi-sandbox.ingo.money
Productionhttps://payapi.ingo.money

Party authentication vs. request signing

HMAC-SHA512 signs your server-to-Ingo requests — it authenticates your platform as the sender. This is separate from recipient and party authentication, which is managed by Ingo on behalf of your program (Recipient Authentication, RVDM, Account Verification). Your HMAC secret is never exposed to recipients or parties.