How to construct variable to create MD5 hash for API


I’m creating an automation to add bank entries using the API Bank_CreateTransaction method here: Bank_CreateTransaction API Schema

It says ‘an MD5 has “Account number, API Key and Submission Number’ (3 values) as per this screen capture: Bank_CreateTransaction API ...

However, the API partners page here: API Partners says ‘This MD5 hash should be created by concatenating the end-users account number with your secret key’ (2 values) using a colon (:slight_smile: as per screen capture here: API Partners - Google Chrom...

Which is the correct format to use?

If it helps, I’m using a nodejs/typescript function as below to create the Submission Number, and have added a second line for how the MD5 hash could be created, but could you please correct the MD5 hash with the correct variables and separator?

export const code = async (inputs) => {

const Submission_Number = + '-' inputs.Quickfile_Api_Incrementor

const MD5hash = inputs.Quickfile_Account_Number + ':' + = inputs.Quickfile_API_Key + ':' + Submission_Number

return { Submission_Number, MD5hash }


Thank you.

Hi @BharatK

Are you creating an app for your own use, or one you plan to release on the QuickFile app marketplace?

If it’s the app marketplace, that’s when API partners comes into play. Otherwise, it’s the method you mentioned first with the 3 values -

I’ve copied this from the API documentation for you to use as a reference -

For Example:

Account Number: 123456789
API Key: AAA3321-12BH-A22
Submission Number: 00001
This would be concatenated to: 123456789AAA3321-12BH-A2200001

The resulting MD5 Hash would look like this:


I hope this helps but please let me know if you need any further help.

Hello @QFMathew ,
It’s not an app as such - just an automation using no code SAAS. I have fixed date/amount transactions every month with currency conversion, and wanted to do the conversion and entry into Quickfile automatically to avoid the manual conversion and entry, and save time every month.

So for personal use, and I’m using Account Settings > 3rd Party Integration > API, so using your example with the 3 values should work OK. Thanks for confirming there is no separator between the 3 values. I’ll try that and update you here.

Thank you.

Note that what the API expects is an MD5 hash of that concatenated string, not the plain string itself

import { createHash } from "node:crypto";

// …
const secret = inputs.Quickfile_Account_Number + inputs.Quickfile_API_Key + Submission_Number;
const md5Value = createHash("md5").update(secret).digest("hex");

(Not tested, this is just based on my reading of the node crypto module documentation)

1 Like

@ian_roberts not sure what you mean by the plain string but yes, I had thought of using the concatenated string.

Posting in XML was causing errors which I couldn’t work out straight away. It may have been a syntax error that I wasn’t seeing at the time, so I tried JSON and that was OK.

And yes, I had discovered that the import was required to create the MD5 hash but thanks for spending the time to look into it and for the syntax. It’s appreciated.

So it all works OK in the test environment (& scheduled for live use on the appropriate day of month), automatically doing currency conversions, entering transactions into Quick File and then sending me an email alert with the transaction details and a link to the specific Quick File bank account page to manually tag the transactions, which takes a few seconds. I may look at automating that next, but manual tagging at the moment will help check the whole automation.

A quick question on the submission number… does this have to be unique for all API calls to the Quick File account, or unique to only to the endpoint, in this case /Bank/CreateTransaction ?

Thanks for your other help and if you or anyone require any time saving automation development or refinement then Id’ be happy to see how I can help.


It has to be unique overall, so usually using something like a GUID (Globally Unique Identifier)/UUID is a good move.

I’m not personally familiar with Node, but this article may help with this: 4 Ways to Generate UUIDs in Node.js | Refine

Unique across the board, but note that despite the name “submission number” it’s not limited to just being numeric. What I tend to do is take a timestamp or generate a random number at the start of each run of my software, then append an incrementing serial number on each call within that session. So the first call in a given session might be 1718195659205_0000, the second call 1718195659205_0001, etc. - the timestamp ensures uniqueness across sessions, the serial ensures uniqueness within this session. An implementation of this approach in JS might look like:

import { createHash } from "node:crypto";

export function headerSource(account, apiKey, appId) {
  const startedAt = new Date().getTime();
  let serial = 0;

  return () => {
    const thisSubno = `${startedAt}_${serial++}`;
    const secret = `${account}${apiKey}${thisSubno}`;
    const md5Value = createHash("md5").update(secret).digest("hex");
    return {
      MessageType: "Request",
      SubmissionNumber: thisSubno,
      Authentication: {
        AccNumber: account,
        MD5Value: md5Value,
        ApplicationId: appId,

To use this you call headerSource to get another function that generates a unique and well-formed API Header section each time it is called:

import { headerSource } from "./quickFileAuth.js";

const makeHeader = headerSource(

for(let trans of myTransactions) {
  const postBody = {
    payload: {
      Header: makeHeader(),
      Body: {
        Transaction: [
          // ...

  // call the API, passing this postBody
1 Like

@QFMathew @ian_roberts ,

Thank you re: Unique across-the-board/overall… Noted.

I’m using a simpler unique string and will probably upgrade after a few live automation runs have completed successfully.