Yedpay

Description (Verifying Signature)

Whenever any notification is received from the server and the signature is present in the fields,
the merchants should verify the signature using their keys to ensure the response is from the server and not modified by any others.

Procedure

1. Response received

        Array (
            [success] => 1
            [request_type] => purchase
            [transaction] => Array
                (
                    [id] => xxxxxx
                    [transaction_id] => 1234567890123456
                    [reference_id] => 123123123123123123
                    [custom_id] => 6543210987654321
                    [payment_method] => VISA
                    [currency] => HKD
                    [amount] => 5.00
                    [status] => paid
                    [paid_at] => 2018-07-12 16:00:43
                    [refunded_at] => ''
                    [updated_at] => 2018-07-12 16:07:56
                    [extra_parameters] => Array
                        (
                            [customer_name] => Yed Pay
                            [phone] => 59770850
                        )

                )

            [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
            [sign_type] => HMAC_SHA256
            [sign] => 7ce7fe7aa3156a736536b7817a53eebc3728a4d85d467ae82b9f529b7b343040
        )
        

2. Exclude unnecessary values

In this case, sign and sign_type should be excluded

        Array (
            [success] => 1
            [request_type] => purchase
            [transaction] => Array
                (
                    [id] => xxxxxx
                    [transaction_id] => 1234567890123456
                    [reference_id] => 123123123123123123
                    [custom_id] => 6543210987654321
                    [payment_method] => VISA
                    [currency] => HKD
                    [amount] => 5.00
                    [status] => paid
                    [paid_at] => 2018-07-12 16:00:43
                    [refunded_at] => ''
                    [updated_at] => 2018-07-12 16:07:56
                    [extra_parameters] => Array
                        (
                            [customer_name] => Yed Pay
                            [phone] => 59770850
                        )

                )

            [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
        )
        

3. Sort array key (only the first level) in ascending order.

        Array (
            [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
            [request_type] => purchase
            [success] => 1
            [transaction] => Array
                (
                    [id] => xxxxxx
                    [transaction_id] => 1234567890123456
                    [reference_id] => 123123123123123123
                    [custom_id] => 6543210987654321
                    [payment_method] => VISA
                    [currency] => HKD
                    [amount] => 5.00
                    [status] => paid
                    [paid_at] => 2018-07-12 16:00:43
                    [refunded_at] => ''
                    [updated_at] => 2018-07-12 16:07:56
                    [extra_parameters] => Array
                        (
                            [customer_name] => Yed Pay
                            [phone] => 59770850
                        )

                )

        )
        

4. HTTP build query and url decode

            nonce_str=Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba&request_type=purchase&success=1&transaction[id]=xxxxxx&transaction[transaction_id]=1234567890123456&transaction[reference_id]=123123123123123123&transaction[custom_id]=6543210987654321&transaction[payment_method]=VISA&transaction[currency]=HKD&transaction[amount]=5.00&transaction[status]=paid&transaction[paid_at]=2018-07-12 16:00:43&transaction[refunded_at]=&transaction[updated_at]=2018-07-12 16:07:56&transaction[extra_parameters][customer_name]=Yed Pay&transaction[extra_parameters][phone]=59770850
        

5. Use the key generated to sign and verify whether the result matches the sign received

For example, if the key generated is "00112233445566778899aabbccddeeff", the resulting signature will be:
7ce7fe7aa3156a736536b7817a53eebc3728a4d85d467ae82b9f529b7b343040

v1.53.8-20220124 © The Payment Cards Group Limited. All rights reserved.