Signing URLs

Some requests and payment links must be signed to prove that it was generated by you and not a fraudster.


The signature must be an HMAC-SHA1 of the URL path and query string, using your shared secret as the key. The resulting value must be base-64 encoded and appended to the query string with the parameter name "signature".


If you need to sign the url with your shared secret 3HDW9B, the resulting signed URL will be:

Vendo SDK for PHP

You can use Vendo's SDK for PHP to easily sign your requests to Vendo.


  1. Install the SDK using composer: composer require vendoservices/vendo-sdk.
  2. Check the code examples in the code repository.