Skip to main content
POST
/
payout
/
v1
/
authorize
Authorize
curl --request POST \
  --url https://payout-api.cashfree.com/payout/v1/authorize \
  --header 'X-Client-Id: <x-client-id>' \
  --header 'X-Client-Secret: <x-client-secret>'
import requests

url = "https://payout-api.cashfree.com/payout/v1/authorize"

headers = {
"X-Client-Secret": "<x-client-secret>",
"X-Client-Id": "<x-client-id>"
}

response = requests.post(url, headers=headers)

print(response.text)
const options = {
method: 'POST',
headers: {'X-Client-Secret': '<x-client-secret>', 'X-Client-Id': '<x-client-id>'}
};

fetch('https://payout-api.cashfree.com/payout/v1/authorize', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://payout-api.cashfree.com/payout/v1/authorize",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_HTTPHEADER => [
"X-Client-Id: <x-client-id>",
"X-Client-Secret: <x-client-secret>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://payout-api.cashfree.com/payout/v1/authorize"

req, _ := http.NewRequest("POST", url, nil)

req.Header.Add("X-Client-Secret", "<x-client-secret>")
req.Header.Add("X-Client-Id", "<x-client-id>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://payout-api.cashfree.com/payout/v1/authorize")
.header("X-Client-Secret", "<x-client-secret>")
.header("X-Client-Id", "<x-client-id>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://payout-api.cashfree.com/payout/v1/authorize")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["X-Client-Secret"] = '<x-client-secret>'
request["X-Client-Id"] = '<x-client-id>'

response = http.request(request)
puts response.read_body
{
  "status": "SUCCESS",
  "message": "Token is valid",
  "subCode": "200"
}
{
"status": "ERROR",
"subCode": "401",
"message": "Invalid clientId and clientSecret combination"
}
If you do not have a static IP, you can generate a public key and pass it with the API request. To generate a public key,
  1. Go Payouts Dashboard > Developers section on the left-side navigation > Payouts > Two-Factor Authentication > Public Key.
  2. Click Generate Public Key. The public key will be downloaded to your computer and the password to access it will be your email ID registered with Cashfree Payments. Only one Public Key can be generated at a time.
Below are the steps to generate your signature:
  1. Retrieve your clientId (one which you are passing through the header X-Client-Id )
  2. Append this with CURRENT UNIX timestamp separated by a period (.)
  3. Encrypt this data using RSA encrypt with Public key you received - this is the signature.
  4. Pass this signature through the header X-Cf-Signature. In the case of using our library, go through the libraries section. During the initialization process, you need to pass the key as a parameter.
<?php
public static function getSignature() {
    $clientId = "<your clientId here>";
    $publicKey =
openssl_pkey_get_public(file_get_contents("/path/to/certificate/public
_key.pem"));
    $encodedData = $clientId.".".strtotime("now");
    return static::encrypt_RSA($encodedData, $publicKey);
}
private static function encrypt_RSA($plainData, $publicKey) { if (openssl_public_encrypt($plainData, $encrypted, $publicKey,
OPENSSL_PKCS1_OAEP_PADDING))
    $encryptedData = base64_encode($encrypted);
    else return NULL;
    return $encryptedData;
}
?>
private static String generateEncryptedSignature(String clientIdWithEpochTimestamp) {
    // String clientIdWithEpochTimeStamp = clientId+"."+Instant.now().getEpochSecond();
    String encrytedSignature = "";
    try {
        byte[] keyBytes = Files
            .readAllBytes(new File("/Users/sameera/Downloads/payout_test_public_key.pem").toPath()); // Absolute Path to be replaced
        String publicKeyContent = new String(keyBytes);
        System.out.println(publicKeyContent);
        publicKeyContent = publicKeyContent.replaceAll("[\\t\\n\\r]", "")
            .replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "");
        KeyFactory kf = KeyFactory.getInstance("RSA");
        System.out.println(publicKeyContent);
        X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(
            Base64.getDecoder().decode(publicKeyContent));
        RSAPublicKey pubKey = (RSAPublicKey) kf.generatePublic(keySpecX509);
        final Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        encrytedSignature = Base64.getEncoder().encodeToString(cipher.doFinal(clientIdWithEpochTimestamp.getBytes()));
        System.out.println(encrytedSignature);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return encrytedSignature;
}
from cashfree_sdk.payouts import Payouts
// Initialise the SDK, pass public key for dynamic IP
Payouts.init("<client_id>", "<client_secret>", "PROD", public_key= b'public key')
//require CashfreeSDK
const cfSdk = require('cashfree-sdk');
//access the PayoutsSdk from CashfreeSDK
const {Payouts} = cfSdk;
// Instantiate Cashfree Payouts
const payoutsInstance = new Payouts({
env: 'TEST',
clientId: '<CLIENT_ID>',
clientSecret: '<CLIENT_SECRET>',
pathToPublicKey: '/path/to/your/public/key/file.pem',
//"publicKey": "ALTERNATIVE TO SPECIFYING PATH (DIRECTLY PASTE PublicKey)"
});

Headers

X-Cf-Signature
string

Signature to be sent if IP is not whitelisted.

X-Client-Secret
string
required

Client Secret key

X-Client-Id
string
required

Client ID

Response

200

status
string
Example:

"SUCCESS"

message
string
Example:

"Token is valid"

subCode
string
Example:

"200"