B2B API Overview
The B2B API is designed for machine-to-machine integration, allowing you to programmatically manage branches, quotas, and bank accounts for your EasySlip service.
The B2B API uses HMAC-SHA256 signature-based authentication for enhanced security. Use your B2B Client 64-character hex key as X-API-Key for all /b2b/* management endpoints.
Base URL
https://api.easyslip.com/b2bAuthentication
All requests must include HMAC-SHA256 signature headers. See the Authentication Guide for full details.
| Header | Description |
|---|---|
X-API-Key | Your B2B Client 64-char hex key |
X-Timestamp | Unix timestamp in seconds |
X-Nonce | UUID v4, unique per request |
X-Signature | HMAC-SHA256 signature |
Endpoints
| Method | Endpoint | Description |
|---|---|---|
GET | /b2b/branches | List all branches |
GET | /b2b/branches/:branchId | Get a branch |
POST | /b2b/branches | Create a branch |
PATCH | /b2b/branches/:branchId | Update a branch |
DELETE | /b2b/branches/:branchId | Delete a branch |
GET | /b2b/branches/:branchId/quota | Check quota |
PUT | /b2b/branches/:branchId/quota | Set quota limit |
POST | /b2b/branches/:branchId/quota/adjust | Adjust quota |
POST | /b2b/branches/:branchId/quota/reset | Reset used quota |
GET | /b2b/branches/:branchId/bank-accounts | List linked bank accounts |
POST | /b2b/branches/:branchId/bank-accounts | Link bank accounts |
DELETE | /b2b/branches/:branchId/bank-accounts/:bankAccountId | Unlink a bank account |
POST | /b2b/bank-accounts | Create a bank account |
Quick Example
A signed GET request to list all branches:
bash
API_KEY="your_api_key"
SECRET_KEY="your_secret_key"
TIMESTAMP=$(date +%s)
NONCE=$(uuidgen | tr '[:upper:]' '[:lower:]')
EMPTY_HASH=$(printf '' | shasum -a 256 | cut -d' ' -f1)
STRING_TO_SIGN="GET\n/b2b/branches\n${TIMESTAMP}\n${NONCE}\n${EMPTY_HASH}"
SIGNATURE=$(printf "${STRING_TO_SIGN}" | openssl dgst -sha256 -hmac "${SECRET_KEY}" | cut -d' ' -f2)
curl -X GET https://api.easyslip.com/b2b/branches \
-H "X-API-Key: ${API_KEY}" \
-H "X-Timestamp: ${TIMESTAMP}" \
-H "X-Nonce: ${NONCE}" \
-H "X-Signature: ${SIGNATURE}"javascript
import crypto from 'crypto'
const apiKey = 'your_api_key'
const secretKey = 'your_secret_key'
const timestamp = Math.floor(Date.now() / 1000).toString()
const nonce = crypto.randomUUID()
const bodyHash = crypto.createHash('sha256').update('').digest('hex')
const stringToSign = `GET\n/b2b/branches\n${timestamp}\n${nonce}\n${bodyHash}`
const signature = crypto.createHmac('sha256', secretKey).update(stringToSign).digest('hex')
const response = await fetch('https://api.easyslip.com/b2b/branches', {
headers: {
'X-API-Key': apiKey,
'X-Timestamp': timestamp,
'X-Nonce': nonce,
'X-Signature': signature,
},
})
const result = await response.json()
console.log(result.data)Error Codes
| Code | HTTP Status | Description |
|---|---|---|
INVALID_AUTH_HEADERS | 401 | Missing or malformed authentication headers |
INVALID_TIMESTAMP | 401 | Timestamp outside the allowed window (±5 minutes) |
DUPLICATE_NONCE | 401 | Nonce has already been used |
INVALID_API_KEY | 401 | API key does not exist or is inactive |
SERVICE_SUSPENDED | 403 | Service has been suspended |
INVALID_SIGNATURE | 401 | Computed signature does not match |
BRANCH_QUOTA_EXCEEDED | 403 | Branch has exceeded its quota limit |
Error Response Format
json
{
"success": false,
"error": {
"code": "INVALID_SIGNATURE",
"message": "The request signature is invalid"
}
}Next Steps
- Authentication Guide — Learn how to sign requests
- Branch Management — Create and manage branches
- Quota Management — Monitor and control usage
- Bank Accounts — Manage linked bank accounts