Yedpay

Description (Verifying Signature)

Whenever any notification is received from the server and the signature is present in the fields,
the merchants should verify the signature using their keys to ensure the response is from the server and not modified by any others.

Procedure

1. Response received

        Array (
            [success] => 1
            [request_type] => purchase
            [transaction] => Array
                (
                    [id] => xxxxxx
                    [transaction_id] => 1234567890123456
                    [reference_id] => 123123123123123123
                    [custom_id] => 6543210987654321
                    [payment_method] => VISA
                    [currency] => HKD
                    [amount] => 5.00
                    [status] => paid
                    [paid_at] => 2018-07-12 16:00:43
                    [refunded_at] =>
                    [updated_at] => 2018-07-12 16:07:56
                    [extra_parameters] => Array
                        (
                            [customer_name] => Yed Pay
                            [phone] => 59770850
                        )

                )

            [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
            [sign_type] => HMAC_SHA256
            [sign] => 240b8438b0f180dcfd68272b15b9495ed00d82aa733296ff78c6c5074b89d422
        )
        

2. Exclude unnecessary values

In this case, sign and sign_type should be excluded

        Array (
            [success] => 1
            [request_type] => purchase
            [transaction] => Array
                (
                    [id] => xxxxxx
                    [transaction_id] => 1234567890123456
                    [reference_id] => 123123123123123123
                    [custom_id] => 6543210987654321
                    [payment_method] => VISA
                    [currency] => HKD
                    [amount] => 5.00
                    [status] => paid
                    [paid_at] => 2018-07-12 16:00:43
                    [refunded_at] =>
                    [updated_at] => 2018-07-12 16:07:56
                    [extra_parameters] => Array
                        (
                            [customer_name] => Yed Pay
                            [phone] => 59770850
                        )

                )

            [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
        )
        

3. Sort array key in ascending order

        Array (
            [nonce_str] => Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba
            [request_type] => purchase
            [success] => 1
            [transaction] => Array
                (
                    [id] => xxxxxx
                    [transaction_id] => 1234567890123456
                    [reference_id] => 123123123123123123
                    [custom_id] => 6543210987654321
                    [payment_method] => VISA
                    [currency] => HKD
                    [amount] => 5.00
                    [status] => paid
                    [paid_at] => 2018-07-12 16:00:43
                    [refunded_at] =>
                    [updated_at] => 2018-07-12 16:07:56
                    [extra_parameters] => Array
                        (
                            [customer_name] => Yed Pay
                            [phone] => 59770850
                        )

                )

        )
        

4. HTTP build query and url decode

Notice that all empty values should be removed.
In this case, refunded_at will be excluded as it is empty.
nonce_str=Pi2Gi78LuWFLlxl2UCqf4fnyTbG6HrMjjb7P3lepVYW04exP6C9YqZZg7pYBM3ba&request_type=purchase&success=1&transaction[id]=xxxxxx&transaction[transaction_id]=1234567890123456&transaction[reference_id]=123123123123123123&transaction[custom_id]=6543210987654321&transaction[payment_method]=VISA&transaction[currency]=HKD&transaction[amount]=5.00&transaction[status]=paid&transaction[paid_at]=2018-07-12 16:00:43&transaction[updated_at]=2018-07-12 16:07:56&transaction[extra_parameters][customer_name]=Yed Pay&transaction[extra_parameters][phone]=59770850
        

5. Use the key generated to sign and verify whether the result matches the sign received

For example, if the key generated is "00112233445566778899aabbccddeeff", the resulting signature will be:
240b8438b0f180dcfd68272b15b9495ed00d82aa733296ff78c6c5074b89d422

v1.29.1-20191003 © The Payment Cards Group Limited. All rights reserved.