Hash Validation #️⃣
Signature
Every transaction accomplished through the checkout service is protected by an additional layer of security called hash.
A hash value is generated based on the transaction details, such as the amount and customer information. This hash value acts as a digital signature, ensuring the integrity and authenticity of the request.
Where it will be used
As mentioned, the hash validates the requests sent to the payment platform. Also, it is used to validate the callback received by your system from the payment platform.
The format of the Signature will be different based on the information and the type of request sent.
Authentication Signature
This authentication signature is used to send the authentication request.
This hash must be SHA1 of the MD5 encoded string and calculated by the formula below:
Data used
| fields |
|---|
| order.id |
| order.amount |
| order.currency |
| order.description |
| password |
sha1(md5(strtoupper(order.id,order.amount,order.currency,order.description,PASSWORD)))
Example
The example below uses CryptoJS library
const to_md5 =
order.id + order.amount + order.currency + order.description + merchant.pass;
const hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
const result = CryptoJS.enc.Hex.stringify(hash);
Get Transaction Status Signature
This signature is used to get the transaction status.
This hash must be SHA1 of the MD5 encoded string and calculated by the formula below:
Data used
| fields |
|---|
| payment_id |
| password |
sha1(md5(strtoupper(payment_id,PASSWORD)))
Example
The example below uses CryptoJS library
const to_md5 = payment_id + merchant.pass;
const hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
const result = CryptoJS.enc.Hex.stringify(hash);
Refund Signature
This signature is used to initiate a refund transaction.
This hash must be SHA1 of the MD5 encoded string and calculated by the formula below:
Data used
| fields |
|---|
| payment_id |
| amount |
| password |
sha1(md5(strtoupper(payment_id,amount,PASSWORD)))
Example
The example below uses CryptoJS library
const to_md5 = payment_id + amount + merchant.pass;
const hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
const result = CryptoJS.enc.Hex.stringify(hash);
Void Signature
This signature is used in void operations. Void operations are invokable only while the payment process is still pending.
This hash must be SHA1 of the MD5 encoded string and calculated by the formula below:
Data used
| fields |
|---|
| payment_id |
| password |
sha1(md5(strtoupper(payment_id,PASSWORD)))
Example
The example below uses CryptoJS library
const to_md5 = payment_id + merchant.pass;
const hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
const result = CryptoJS.enc.Hex.stringify(hash);
Recurring Signature
To make a transaction with a saved card
This hash must be SHA1 of the MD5 encoded string and calculated by the formula below:
Data used
| fields |
|---|
| recurring_init_trans_id |
| recurring_token |
| order.id |
| order.description |
| order.amount |
| password |
sha1(md5(strtoupper(recurring_init_trans_id, recurring_token,order.id,order.amount,order.description,PASSWORD)))
Example
The example below uses CryptoJS library
const to_md5 =
recurring_init_trans_id +
recurring_token +
order.id +
order.amount +
order.description +
merchant.pass;
const hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
const result = CryptoJS.enc.Hex.stringify(hash);
Schedule Signature
To create a schedule object
This hash must be of the MD5 encoded string (toUpperCase,letters reversed) and calculated by the formula below:
Data used
| fields |
|---|
| PASSWORD |
md5(strtoupper(strrev(PASSWORD)));
Example
// to reverse a string
function reverseString(str) {
// empty string
let newString = "";
for (let i = str.length - 1; i >= 0; i--) {
newString += str[i];
}
return newString;
}
const to_md5 = reverseString(merchant.pass);
const hash = CryptoJS.MD5(to_md5.toUpperCase()).toString();
const result = CryptoJS.enc.Hex.stringify(hash);
Callback Signature
This is the notification that will be sent from us to your application .
This hash must be SHA1 of the MD5 encoded string and calculated by the formula below:
Data used
| fields |
|---|
| payment_id |
| order.id |
| order.id |
| order.amount |
| order.currency |
| order.description |
| password |
sha1(md5(strtoupper(payment_id,order.id,order.amount,order.currency,order.description,PASSWORD)))
Example
The example below uses CryptoJS library
const to_md5 =
payment_id +
order.id +
order.amount +
order.currency +
order.description +
merchant.pass;
const hash = CryptoJS.SHA1(CryptoJS.MD5(to_md5.toUpperCase()).toString());
const result = CryptoJS.enc.Hex.stringify(hash);