All requests sent to the Payouts API must include specific authentication headers to identify the merchant and validate each request.

Required Headers

Key	Value	Description
`Content-Type`	`application/json`	Indicates that the request body is formatted in JSON.
`Authorization`	`Basic {{MerchantPrivateKey}}`	Use the `MerchantPrivateKey` provided by Bamboo when your merchant account was created. Example: `Basic RVkeL-s86_iTzSMLvDtuyQ-1zqIcsmF-coSzncn_uFvQnj7b-B3rtZg__`
`DigitalSignature`	`{{DigitalSignature}}`	HMAC SHA-256 signature used to verify the authenticity of the request. This header is mandatory only for Payout creation.

⚠️
Requests without valid authentication headers will be rejected with HTTP 401 (Unauthorized).

Signing the Message

The digital signature is used to verify the authenticity and integrity of each Payout request.
It must be generated using the HMAC SHA-256 algorithm with the secret-key provided by Bamboo during onboarding.

Include the following fields from the request body when building the signature:

Parameter	Description
`country`	Country code where the payout is processed.
`amount`	Total amount of the payout.
`currency`	Currency code in ISO-4217 format.
`reference`	Unique reference identifier for the payout.
`type`	Payout type (for example, `BANK`, `WALLET`, or `CARD`).

The resulting hash must be converted to a hexadecimal string and sent in the header DigitalSignature.

Example: Signature Generation

// Parse the JSON request body
var json = JSON.parse(request.data);

// Build the data object with required parameters
let signdata = {
  Country: json.country,
  Amount: json.amount,
  Currency: json.currency,
  Reference: json.reference,
  Type: json.type
};

// Serialize the data and create the HMAC SHA-256 signature
var data = JSON.stringify(signdata);
var hexHash = CryptoJS.HmacSHA256(data, secret_key);
var hash = hexHash.toString(CryptoJS.enc.Hex);

// Result to include in the DigitalSignature header
console.log("DigitalSignature:", hash);

Example Header

DigitalSignature: 64f1f2a0c5a548e59be3c146a7dcf8827f7e8d3d01a6b2c2d8b87a4b93a07b22

What’s Next

Once your authentication setup is ready, continue with the following steps to complete your Payouts integration.

Payout Request

Learn how to create and send payout requests using the authenticated headers.

Test the API

Try real examples in the API Reference and validate your integration in the staging environment.

Country Considerations

Review country-specific fields, supported currencies, and local compliance rules.