Quickstart

This guide gets you from zero to a working API call as fast as possible.

Prerequisites

IIMMPACT account — Request one if you don't have it yet
API credentials — Generate your API key and HMAC secret from Developer > API Keys in the Dashboard

Option A: Postman (Fastest)

Import our pre-configured Postman collection and environment — authentication is handled for you.

Download the Postman collection and environment
Fill in apiKey and hmacSecret in the environment variables
Send a request

Option B: curl / Bash

Copy this script, replace the credentials, and run it. This calls GET /v2/balance to retrieve your account balance.

bash

#!/bin/bash

# ============================================
# Replace these with your actual credentials
# ============================================
API_KEY="iimm_prod_your_api_key_here"
HMAC_SECRET="your_base64_hmac_secret_here"

# ============================================
# Request details
# ============================================
METHOD="GET"
QUERY=""

# Step 1: Timestamp and nonce
TIMESTAMP=$(date +%s)
NONCE="req-${TIMESTAMP}-$(openssl rand -hex 8)"

# Step 2: Body hash (empty for GET)
BODY_HASH=$(echo -n "" | openssl dgst -sha256 -binary | base64)

# Step 3: Canonical string
CANONICAL="v1:${TIMESTAMP}:${NONCE}:${METHOD}:${QUERY}:${BODY_HASH}"

# Step 4: Signature (HMAC secret must be Base64-decoded first)
HEXKEY=$(echo -n "${HMAC_SECRET}" | base64 -d | xxd -p -c 256)
SIGNATURE=$(echo -n "${CANONICAL}" \
  | openssl dgst -sha256 -mac HMAC -macopt "hexkey:${HEXKEY}" \
    -binary \
  | base64)

# Send the request
curl -X GET "https://api.iimmpact.com/v2/balance" \
  -H "X-Api-Key: ${API_KEY}" \
  -H "X-Timestamp: ${TIMESTAMP}" \
  -H "X-Nonce: ${NONCE}" \
  -H "X-Signature: v1=${SIGNATURE}" \
  -H "Content-Type: application/json"

What You'll Get

Your account details including current balance:

json

{
  "data": {
    "account": "12345",
    "name": "Your Company Name",
    "balance": 1250.50,
    "level": "1",
    "access": 0
  }
}

See Balance API Reference for field descriptions.

Troubleshooting

Getting 401 Unauthorized? The most common cause is not Base64-decoding the HMAC secret before signing. See API Key Authentication — Troubleshooting for a full checklist.

Next Steps

Integration Guide — Complete 5-step walkthrough from product listing to payment
API Key Authentication — Understand how request signing works

Quickstart ​

Prerequisites ​

Option A: Postman (Fastest) ​

Option B: curl / Bash ​

What You'll Get ​

Troubleshooting ​

Next Steps ​