Using Signature
If you use one of the supplied SDKs, you do not need the code in the following sections, because the signature can be generated by calling the generate_signature function. The generated signature has to be passed as a string in your request.
Overview
To communicate with our system we require a unique signature on each request to ensure that both parties are who they say they are. This signature should be generated at the time of the job submission. To calculate your signature, you will need your partner ID and API Key for Signature, both of which are available on the portal.
API Key for Signature

You can find and generate your API key here. The key is unique to each environment, so you will need a different key for the sandbox and production environments. You can rotate your API key at any time; however, your previous key will be immediately disabled.
Partner ID
You will need to know your partner ID to create the signature. Your partner ID can be viewed when logged into the portal. To calculate your signature, you will need to input your partner ID as a string, as explained below.
Your partner ID: 085
String Value of your partner ID: "085"
Generating the signature
Follow the steps below to generate your signature:
1. Create a timestamp in an ISO date format.
2. Create a new HMAC-SHA256 hash function using the Signature API Key.
3. Update the function message with the timestamp created in step 1, your partner ID, and the "sid_request" string.
4. Base64-encode the resulting HMAC digest.
Example code for creating the signature
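require 'openssl'
require 'time'
require 'base64'
# ISO 8601 UTC timestamp with millisecond precision
timestamp = Time.now.utc.iso8601(3)
api_key = '<API-Key>'
partner_id = '<partner-id>'
# HMAC-SHA256 keyed with the Signature API key
hmac = OpenSSL::HMAC.new(api_key, 'sha256')
# Message is the timestamp, then the partner ID, then the literal "sid_request"
hmac.update(timestamp)
hmac.update(partner_id)
hmac.update("sid_request")
signature = Base64.strict_encode64(hmac.digest)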
Reminder: You must pass the signature as a string in your request. Your timestamp should be a string in the ISO 8601 format "yyyy-MM-dd'T'HH:mm:ss.fffZ"
Confirming an incoming signature
To verify that a response received on your callback genuinely originates from Smile ID, you can confirm the returned signature and timestamp. The sample code below can be used to confirm the signature in the request:
Example code for confirming the signature
require 'openssl'
require 'time'
require 'base64'
# Example inputs - replace these with actual received values
# The signature received in the callback response
received_signature = ""
# The actual timestamp received in the callback response
received_timestamp = ""
# Your partner ID
partner_id = ""
# Your API key for the environment in question (sandbox / production)
api_key = ""
# Function to verify the signature
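def confirm_signature(received_signature, received_timestamp, partner_id, api_key)
  # Recompute the HMAC-SHA256 over the received timestamp, partner ID and "sid_request"
  hmac = OpenSSL::HMAC.new(api_key, 'sha256')
  hmac.update(received_timestamp)
  hmac.update(partner_id)
  hmac.update("sid_request")
  generated_signature = Base64.strict_encode64(hmac.digest)
  # Constant-time comparison (openssl gem 2.2 or later), so the check does not
  # reveal how many leading characters of the signature matched
  OpenSSL.secure_compare(received_signature, generated_signature)
end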
# print out a confirmation status
is_signature_valid = confirm_signature(received_signature, received_timestamp, partner_id, api_key)
puts "Is the signature valid? #{is_signature_valid}"
Reminder: You must pass the received signature, received timestamp, partner id and api key as strings.
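The following is an added example, not Smile ID's own code: a callback check that extends the confirmation above by rejecting missing fields, comparing signatures in constant time, and refusing timestamps outside a freshness window. The helper names and the 300-second window are assumptions, and the key and sample values are constructed.

```ruby
require 'openssl'
require 'base64'
require 'time'

MAX_SKEW_SECONDS = 300 # assumed tolerance; not a value from the documentation

# Signature scheme from this page: HMAC-SHA256 over timestamp + partner ID + "sid_request".
def sid_signature(timestamp, partner_id, api_key)
  hmac = OpenSSL::HMAC.new(api_key, 'sha256')
  hmac.update(timestamp)
  hmac.update(partner_id)
  hmac.update('sid_request')
  Base64.strict_encode64(hmac.digest)
end

# Compares two strings without stopping at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns :ok, :malformed, :bad_signature or :stale.
def check_callback(signature, timestamp, partner_id, api_key, now: Time.now.utc)
  fields = [signature, timestamp, partner_id, api_key]
  return :malformed unless fields.all? { |f| f.is_a?(String) && !f.empty? }

  expected = sid_signature(timestamp, partner_id, api_key)
  return :bad_signature unless constant_time_equal?(signature, expected)

  # Only interpret the timestamp after the HMAC has authenticated it.
  begin
    sent_at = Time.iso8601(timestamp)
  rescue ArgumentError
    return :malformed
  end
  (now - sent_at).abs <= MAX_SKEW_SECONDS ? :ok : :stale
end

# Constructed sample values, not real credentials.
SAMPLE_KEY = 'constructed-sample-key'
SAMPLE_PARTNER_ID = '085'
SAMPLE_TS = '2024-01-15T10:30:00.000Z'
SAMPLE_SIG = sid_signature(SAMPLE_TS, SAMPLE_PARTNER_ID, SAMPLE_KEY)
```

Treat any result other than :ok as a rejected callback, and log which one occurred so stale or forged callbacks can be told apart.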