Overview

This documentation provides information on how to interact with the Innfinn Employer API. The API is authenticated using a public/private key pair and a signature-based mechanism.

Entry Point

Base URL: https://portal.innfinn.com

How to Connect

To authenticate requests, the following headers must be provided:

Header	Description
`X-PUBLIC-KEY`	Merchant’s public key (identifier).
`X-TIMESTAMP`	Current Unix timestamp in seconds (e.g., `1715789203`).
`X-SIGNATURE`	SHA-256 signature to verify request integrity.

Signature Generation (`X-SIGNATURE`)

For POST Requests

The request must include the following HTTP header: Content-Type: application/json
The request body must be in JSON format
Take the raw JSON string (as-is, without parsing or reordering).
Prepend the X-TIMESTAMP and append the private_key.
Compute SHA-256 of the resulting string.

Formula:

signature = SHA256(timestamp + raw_json_string + private_key)

For GET/DELETE Requests

Use an empty string for raw JSON string.

Formula:

signature = SHA256(timestamp + private_key)

How to Get an API Key

To obtain an API key, you must log into the Employer Portal under the Admin role, navigate to the Settings > Integrations section, and click «Create API Key».

Get API Key

Overview ​

Entry Point ​

How to Connect ​

Signature Generation (X-SIGNATURE) ​

For POST Requests ​

For GET/DELETE Requests ​