Description (Verifying Signature)
Whenever a notification is received from the server and a signature is present in its fields,
merchants should verify the signature using their keys to ensure that the response came from the server and was not modified by anyone else.
Procedure
1. Response received
Array
(
    [success] => 1
    [request_type] => purchase
    [transaction] => Array
        (
            [id] => xxxxxx
            [transaction_id] => 1234567890123456
            [reference_id] => 123123123123123123
            [custom_id] => 6543210987654321
            [payment_method] => VISA
            [currency] => HKD
            [amount] => 5.00
            [status] => paid
            [paid_at] => 2018-07-12 16:00:43
            [refunded_at] => ''
            [updated_at] => 2018-07-12 16:07:56
            [extra_parameters] => Array
                (
                    [customer_name] => Yed Pay
                    [phone] => 59770850
                )
        )
    [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
    [sign_type] => HMAC_SHA256
    [sign] => 7ce7fe7aa3156a736536b7817a53eebc3728a4d85d467ae82b9f529b7b343040
)
2. Exclude unnecessary values
In this case, sign and sign_type should be excluded.
Array
(
    [success] => 1
    [request_type] => purchase
    [transaction] => Array
        (
            [id] => xxxxxx
            [transaction_id] => 1234567890123456
            [reference_id] => 123123123123123123
            [custom_id] => 6543210987654321
            [payment_method] => VISA
            [currency] => HKD
            [amount] => 5.00
            [status] => paid
            [paid_at] => 2018-07-12 16:00:43
            [refunded_at] => ''
            [updated_at] => 2018-07-12 16:07:56
            [extra_parameters] => Array
                (
                    [customer_name] => Yed Pay
                    [phone] => 59770850
                )
        )
    [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
)
3. Sort the array keys (first level only) in ascending order.
Array
(
    [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
    [request_type] => purchase
    [success] => 1
    [transaction] => Array
        (
            [id] => xxxxxx
            [transaction_id] => 1234567890123456
            [reference_id] => 123123123123123123
            [custom_id] => 6543210987654321
            [payment_method] => VISA
            [currency] => HKD
            [amount] => 5.00
            [status] => paid
            [paid_at] => 2018-07-12 16:00:43
            [refunded_at] => ''
            [updated_at] => 2018-07-12 16:07:56
            [extra_parameters] => Array
                (
                    [customer_name] => Yed Pay
                    [phone] => 59770850
                )
        )
)
4. Build the HTTP query string and URL-decode it
nonce_str=Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba&request_type=purchase&success=1&transaction[id]=xxxxxx&transaction[transaction_id]=1234567890123456&transaction[reference_id]=123123123123123123&transaction[custom_id]=6543210987654321&transaction[payment_method]=VISA&transaction[currency]=HKD&transaction[amount]=5.00&transaction[status]=paid&transaction[paid_at]=2018-07-12 16:00:43&transaction[refunded_at]=&transaction[updated_at]=2018-07-12 16:07:56&transaction[extra_parameters][customer_name]=Yed Pay&transaction[extra_parameters][phone]=59770850
5. Use the generated key to sign the string and verify that the result matches the sign received
For example, if the key generated is "00112233445566778899aabbccddeeff", the resulting signature will be: 7ce7fe7aa3156a736536b7817a53eebc3728a4d85d467ae82b9f529b7b343040
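The five steps above as an added Python example (not Yed Pay's own code). It assumes the notification has already been parsed into a dict and that the key is supplied as bytes; the function names, demo key and demo payload are constructed for illustration.

```python
import hashlib
import hmac

def _flatten(prefix, value, out):
    # Bracket notation as in step 4: transaction[extra_parameters][phone]=...
    if isinstance(value, dict):
        for k, v in value.items():
            _flatten(f"{prefix}[{k}]", v, out)
    elif isinstance(value, (list, tuple)):
        for i, v in enumerate(value):
            _flatten(f"{prefix}[{i}]", v, out)
    elif isinstance(value, bool):
        out.append(f"{prefix}={int(value)}")  # assumption: booleans sign as 1/0
    elif value is not None:  # assumption: null fields are left out
        out.append(f"{prefix}={value}")

def canonical_string(payload):
    # Steps 2-4: drop sign and sign_type, sort first-level keys only, then
    # join raw (already URL-decoded) key=value pairs with "&".
    fields = {k: v for k, v in payload.items() if k not in ("sign", "sign_type")}
    out = []
    for key in sorted(fields):
        _flatten(key, fields[key], out)
    return "&".join(out)

def compute_sign(payload, key: bytes) -> str:
    msg = canonical_string(payload).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def verify_notification(payload, key: bytes) -> bool:
    # Step 5: recompute and compare in constant time; reject anything unsigned
    # or signed with a scheme other than the one this code implements.
    sign = payload.get("sign")
    if payload.get("sign_type") != "HMAC_SHA256" or not isinstance(sign, str):
        return False
    return hmac.compare_digest(compute_sign(payload, key).encode(), sign.lower().encode())

# Constructed demo values (not real credentials or a real notification).
DEMO_KEY = b"constructed-demo-key"
DEMO = {
    "success": 1, "request_type": "purchase", "nonce_str": "constructednonce",
    "transaction": {"id": "xxxxxx", "amount": "5.00", "status": "paid",
                    "paid_at": "2018-07-12 16:00:43", "refunded_at": "",
                    "extra_parameters": {"customer_name": "Yed Pay"}},
    "sign_type": "HMAC_SHA256",
}
DEMO["sign"] = compute_sign(DEMO, DEMO_KEY)
```

Keep values such as amount as the text received ("5.00"); a value parsed into a float serializes differently and the signature will not match.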
v1.62.0-20231122 © The Payment Cards Group Limited. All rights reserved.