Help Contact
enEN
ENEN DEDE ESES PLPL PT-BRPT-BR PT-PTPT-PT RURU TRTR VIVI ZH-CNZH-CN

API

General
General Information Generate a signature
Deposits
Getting started Create a deposit Create a deposit without redirection (iframe) Deposit notification (webhook) Check an deposit status Get a list of deposits Deposits without 8-day waiting period (Steam Trade Protection) Deposit approval with 8-day hold Get failed webhook notifications
Deposits without SkinsBack UI
Create a deposit without SkinsBack UI (API) Get user's inventory
Skins Withdraw
Skins price list Skins search Buy skin Bulk buy skins Get skin purchase info Skin purchase history
Other
Get the project balance Get the history of withdrawals and deposits of money Get currencies and rates Server status Events real-time: websockets Events real-time: webhooks

Generate a signature

The signature is formed by concatenating all parameters in the "key:value;" form and converting it to sha1 hmac signed with Client Secret. Arrays and objects are skipped. You can find out the Client Secret in the merchant's account.

Signature generation example in PHP:

<?php

function buildSignature($params, $clientSecret)
{
    ksort($params);

    $paramsString = '';
    foreach($params AS $key => $value)
    {
        if($key == 'sign') continue;
        if(is_array($value)) { continue; }
        $paramsString .= $key .':'. $value .';';
    }
    $sign = hash_hmac('sha1', $paramsString, $clientSecret);

    return $sign;
}

$clientSecret = '123'; // Client Secret
$params = array(
    'method' => 'orderstatus',
    'order_id' => 1,
    'shopid' => '123' // Client ID
);
$params['sign'] = buildSignature($params, $clientSecret);

Signature generation example in JavaScript:

function buildSignature(params, clientSecret)
{
    var paramsString = '';
    Object.keys(params).sort().forEach(function(key)
    {
        if (key === 'sign') return;
        if(typeof params[key] == 'object') return;
        paramsString += '' + key + ':' + params[key] + ';';
    });

    var crypto = require('crypto');
    paramsString = crypto.createHmac('sha1', clientSecret).update(paramsString).digest('hex');
    return paramsString;
}

var clientSecret = '123'; // Client Secret
var params = {
    method: 'orderstatus',
    order_id: 1,
    shopid: '123' // Client ID
}
params.sign = buildSignature(params, clientSecret);

Request with signature example in PHP:

<?php
$params = array(
	'shopid' => '1', // Client ID
    'method' => 'create',
	'order_id' => 1,
	'steam_id' => '76561198827262007',
	'trade_token' => 'i1ArBZey',
	'currency' => 'usd'
);
$clientSecret = '123123123123213';
// @see https://skinsback.com/docs/api/v1/signature/
$params['sign'] = buildSignature($params, $clientSecret);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://skinsback.com/api.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close ($ch);
var_dump($server_output);

Webhook: validation example in PHP:

<?php

$clientSecret = '123'; // Client Secret
// @see https://skinsback.com/docs/api/v1/signature/
if($_POST['sign'] != buildSignature($_POST, $clientSecret))
{
    die('Wrong signature');
}
© 2025 SkinsBack. All right reserved.
Help Contact Service Agreement