Getting Started

Lampay provides a RESTful API for server-to-server integration. All API endpoints use HMAC-SHA256 signature authentication for secure access.

Base URL

https://api.lampay.app/api/v1/

Authentication

Every API request must include four headers:

Header	Description
`X-Api-Key`	Your API key identifier (`sk_live_xxx`)
`X-Signature`	HMAC-SHA256 signature of the request
`X-Timestamp`	Unix timestamp in seconds
`X-Nonce`	Unique request identifier (UUID)

See the Authentication Guide for signature computation details.

Quick Example

curl -X GET https://api.lampay.app/api/v1/wallets \
  -H "X-Api-Key: sk_live_xxx" \
  -H "X-Signature: <computed_signature>" \
  -H "X-Timestamp: 1709337600" \
  -H "X-Nonce: 550e8400-e29b-41d4-a716-446655440000"

Response Format

All responses follow a standard envelope:

200 OK

{
  "version": "1.3.0",
  "timestamp": 1709337600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": {
    "bizId": "ws_abc123",
    "workspaceName": "My Workspace"
  }
}

Field	Type	Description
`version`	string	API version
`timestamp`	number	Response timestamp (epoch ms)
`success`	boolean	`true` for 2xx, `false` for errors
`code`	string	Machine-readable status code
`message`	string	Human-readable message
`data`	object	Response payload (`null` on error)

Error Codes

Error codes are organized by domain prefix. See the Error Handling Guide for the full catalog.

Prefix	Domain
S	System / Validation
W	Wallet
T	Transfer
GA	Gateway Auth

Pagination

List endpoints support pagination via query parameters:

Parameter	Default	Description
`page`	0	Page number (0-based)
`size`	20	Items per page (max 100)
`sort`	varies	Sort expression (e.g., `createdAt,desc`)

See the Pagination Guide for details.

Next Steps

Authentication Guide — Set up HMAC-SHA256 signing
API Reference — Browse all endpoints
Error Handling — Handle errors correctly

Base URL​

Authentication​

Quick Example​

Response Format​

Error Codes​

Pagination​

Next Steps​