API Sandbox


The Coins Access API sandbox allows the Merchant’s developers to imitate the characteristics of a production environment in a dedicated testing environment where they can create simulated responses from all APIs the application relies on.

Security Protocol

  • The server API must be implemented as an HTTPS endpoint on both sides
  • All content is to be encoded with the UTF-8 character encoding system
  • The request body must be in JSON format
  • The encryption method is SHA256 with RSA signature
  • Private key is used for generating signatures and the public key is used for verifying signatures.


* @param srcData    original data
* @param privateKey
* @return sign result
public static String sign(String srcData, PrivateKey privateKey) throws Exception {
   byte[] keyBytes = privateKey.getEncoded();
   PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
   KeyFactory keyFactory = KeyFactory.getInstance("RSA");
   PrivateKey key = keyFactory.generatePrivate(keySpec);
   Signature signature = Signature.getInstance("SHA256withRSA");
   return new String(Base64.encodeBase64(signature.sign()));