1. Knowledge Base
  2. Integration support

Why URL Signing is Mandatory for Your Onramper Integration

Overview

To enhance the security, integrity, and reliability of transactions processed through Onramper, we introduced mandatory URL signing for all integrations in April 2025. This change ensures that all requests to Onramper’s API are authenticated and protected against unauthorized access or tampering.

Since its implementation, URL signing has been a crucial security measure for partners using Onramper. If URL signing is not included in your integration, your users will encounter an “Invalid Signature” error when attempting to proceed to the buy or sell stage.

What is URL Signing?

URL signing is a security mechanism that helps verify the authenticity of API requests. By using a cryptographic signature, we can ensure that:

  • Requests to Onramper originate from a trusted source.

  • No unauthorized modifications have been made to request parameters.

  • Transactions are protected against tampering and replay attacks.

URL signing works by appending a unique cryptographic signature to each request, generated using a secret key that is only known to the sender (you) and Onramper. When a request is received, Onramper verifies this signature before processing the request.

Why is URL Signing Required?

  1. Prevent Unauthorized Access
    URL signing ensures that only authorized parties can send valid requests to Onramper’s system, reducing the risk of fraudulent activities.

  2. Prevent Data Tampering
    A signed URL guarantees that no one can modify the request parameters (such as the transaction amount or currency) during transmission.

  3. Enhance Security and Compliance
    By implementing URL signing, we align with industry best practices for securing financial transactions and protecting user data.

  4. Ensure Reliable API Interactions
    Requests with invalid or missing signatures will be rejected, preventing unauthorized transactions and enhancing trust.

What Happens if URL Signing is Not Implemented?

If your integration does not include URL signing, any request made to Onramper’s API will return an “Invalid Signature” error when attempting to proceed to the buy or sell stage. This means your users will not be able to complete their transactions until the integration is updated with a valid signature.

How to Implement URL Signing

For step-by-step instructions on adding URL signing to your integration, please refer to our technical documentation: How to Implement URL Signing

Need Assistance?

If you have any questions or need support during implementation, our team is here to help. Please reach out to support@onramper.com

By implementing URL signing, you contribute to a more secure and seamless experience for your users. We appreciate your cooperation in making Onramper’s ecosystem safer for everyone.