Skip to main content

Signatures/Hash

A signature is a rule used to verify either merchants' requests to a payment platform or the callbacks from the payment platform to merchants' system.

caution

Resultant Signature/Hash value should be lowercase.

Sale Signature/Hash

Example Using CryptoJSvar Javascript library
/*
* Library Source: https://www.npmjs.com/package/crypto-js
*/
// Step 1: Generate string
var requestString = identifier + order.id + order.amount + order.currency + merchant.password;
// Step 2: Reverse Generated String
var requestString = requestString.split("").reverse().join("");
// Step 3: Convert generated string to UpperCase.
requestString = requestString.toUpperCase();
// Step 4: Calculate md5 of resultant string from step 3.
var md5String = CryptoJS.MD5(requestString).toString();

Refund (CREDITVOID) Signature/Hash

Example Using CryptoJSvar Javascript library
/*
* Library Source: https://www.npmjs.com/package/crypto-js
*/
// Step 1: Generate string
var requestString = transaction.id + merchant.password;
// Step 2: Reverse Generated String
var requestString = requestString.split("").reverse().join("");
// Step 3: Convert generated string to UpperCase.
requestString = requestString.toUpperCase();
// Step 4: Calculate md5 of resultant string from step 3.
var md5String = CryptoJS.MD5(requestString).toString();

Get Transaction Status Signature/Hash

Example Using CryptoJSvar Javascript library
/*
* Library Source: https://www.npmjs.com/package/crypto-js
*/
// Step 1: Generate string
var requestString = transaction.id;
// Step 2: Reverse generated string.
requestString = requestString.split("").reverse().join("");
// Step 3: Convert generated string to Uppercase
requestString = requestString.toUpperCase();
// Step 4: Append Merchant Password
requestString = requestString + merchant.password;
// Step 5: Calculate md5 of resultant string from step 4.
var md5String = CryptoJS.MD5(requestString).toString();

Callback Notification Signature/Hash

// Step 1: Get all received parameters
const receivedParameters = { ...req.body }; // Assuming received parameters are stored in the req.body object

// Step 2: Save received hash in separate variable
const receivedHash = receivedParameters.hash;

// Step 3: Delete 'hash' key from receivedParameters object
delete receivedParameters.hash;

// Step 4: Reverse values in the object
function reverseValues(obj) {
  for (let key in obj) {
    if (typeof obj[key] === 'string') {
      obj[key] = obj[key].split('').reverse().join('');
    } else if (typeof obj[key] === 'object') {
      reverseValues(obj[key]);
    }
  }
}
reverseValues(receivedParameters);

// Step 5: Sort object properties in ascending order and convert to string
function sortAndConvert(obj) {
  let sortedString = '';
  Object.keys(obj).sort().forEach(key => {
    const value = obj[key];
    if (typeof value === 'object') {
      sortedString += sortAndConvert(value);
    } else {
      sortedString += value;
    }
  });
  return sortedString;
}
const sortedString = sortAndConvert(receivedParameters);

// Step 6: Convert sorted string to uppercase and append Merchant Password
const merchantPassword = 'yourMerchantPassword'; // Replace with your actual merchant password
const requestString = (sortedString + merchantPassword).toUpperCase();

// Step 7: Calculate MD5 hash of resultant string from step 6
const md5String = CryptoJS.MD5(requestString).toString();

// Step 8: Compare with receivedHash
if (receivedHash === md5String) {
  // Received data is legit
} else {
  // GET Transaction Status API
}