Signature Algorithm
- Signature algorithm is used to sign your payment API request with a private key to obtain additional security.
- Data object needs to be sorted, the Nested object also needs to be sorted.
Step 1 : Prepare a Request Parameter
Method : POST
- Refer to which API endpoint you are calling , below request parameter is just an EXAMPLE
Example of Create Payment URL
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
order |
Object | Yes | order information, with keys of [id, title, amount, currencyType, additionalData] |
|
customer |
Object | Yes | customer information, with keys of [name, phone, email] |
|
method |
String | No | List of Type, please refer to Deposit / Payment, If this is given, user will be redirected straight to the specific 3rd party payment page. If not, user will be redirected to Payment page to select the Payment Method |
Order [Object]
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
title |
String | Yes | Order title, max: 32 | "Deposit" |
additionalData |
String | No | Order description | |
amount |
String | Yes | Amount of order in Dollar. 100 = MYR 100.00 | 100 |
currencyType |
String | Yes | Currency notation (currently only support MYR)
|
"MYR" |
id |
String | Yes | ID of the Order | |
logoUrl |
String | No | Display merchant logo at payment page | |
redirectUrl |
String | No | URL to redirect the user after payment is completed. If set, this value will be used; otherwise, the default Redirect URL from the BO will be applied | |
callbackUrl |
String | No | URL for server-to-server notification of payment status. If set, this value will be used; otherwise, the default Deposit Callback from the BO will be applied |
Customer [Object]
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
name |
String | Yes | Customer Name | "Long Wan" |
email |
String | Yes | Customer Email | "" |
phone |
String | Yes | Customer Phone Number | "" |
Example Request
{
"order": {
"id": "A20221111",
"title": "Payment",
"amount": "88.50",
"currencyType": "MYR",
"additionalData": "",
"logoUrl": "https://picsum.photos/200",
"redirectUrl": "https://redirecturl.com",
"callbackUrl": "https://callbackurl.com"
},
"customer": {
"name": "Long Wan",
"phone": "0123456789",
"email": "longwan@gmail.com"
},
"method": ""
}
- Sort the above json key alphabetically and make it compact
{"customer":{"name":"Long Wan","phone":"0123456789","email":"longwan@gmail.com"},"method":"","order":{"id":"A20221111","title":"Payment","amount":"88.50","currencyType":"MYR","additionalData":"","logoUrl":"https://picsum.photos/200","redirectUrl":"https://redirecturl.com","callbackUrl":"https://callbackurl.com"}}
Step 2 : Encode the data using Base64 format
eyJjdXN0b21lciI6eyJuYW1lIjoiTG9uZyBXYW4iLCJwaG9uZSI6IjAxMjM0NTY3ODkiLCJlbWFpbCI6Imxvbmd3YW5AZ21haWwuY29tIn0sIm1ldGhvZCI6IiIsIm9yZGVyIjp7ImlkIjoiQTIwMjIxMTExIiwidGl0bGUiOiJQYXltZW50IiwiYW1vdW50IjoiODguNTAiLCJjdXJyZW5jeVR5cGUiOiJNWVIiLCJhZGRpdGlvbmFsRGF0YSI6IiIsImxvZ29VcmwiOiJodHRwczovL3BpY3N1bS5waG90b3MvMjAwIiwicmVkaXJlY3RVcmwiOiJodHRwczovL3JlZGlyZWN0dXJsLmNvbSIsImNhbGxiYWNrVXJsIjoiaHR0cHM6Ly9jYWxsYmFja3VybC5jb20ifX0=
Step 3: Construct plain text parameters
- if the body is empty then the
dataparameter can be skip
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
data |
String | Yes | Base64 data body from Step 2. | Refer to Step 2 |
method |
String | Yes | HTTP call method used | "post" |
nonceStr |
String | Yes | Random string | "VYNknZohxwicZMaWbNdBKUrnrxDtaRhN" |
requestUrl |
String | Yes | API URL that you call must be exactly the same, together with URL. | gateway/v1/createPayment |
signType |
String | Yes | Sign Type, prefer SHA-256 | "sha256" |
timestamp |
String | Yes | UNIX timestamp of request | "1527407052" |
Example
data=eyJjdXN0b21lciI6eyJuYW1lIjoiTG9uZyBXYW4iLCJwaG9uZSI6IjAxMjM0NTY3ODkiLCJlbWFpbCI6Imxvbmd3YW5AZ21haWwuY29tIn0sIm1ldGhvZCI6IiIsIm9yZGVyIjp7ImlkIjoiQTIwMjIxMTExIiwidGl0bGUiOiJQYXltZW50IiwiYW1vdW50IjoiODguNTAiLCJjdXJyZW5jeVR5cGUiOiJNWVIiLCJhZGRpdGlvbmFsRGF0YSI6IiIsImxvZ29VcmwiOiJodHRwczovL3BpY3N1bS5waG90b3MvMjAwIiwicmVkaXJlY3RVcmwiOiJodHRwczovL3JlZGlyZWN0dXJsLmNvbSIsImNhbGxiYWNrVXJsIjoiaHR0cHM6Ly9jYWxsYmFja3VybC5jb20ifX0=&method=post&nonceStr=VYNknZohxwicZMaWbNdBKUrnrxDtaRhN&requestUrl=gateway/v1/createPayment&signType=sha256×tamp=1527407052
Step 4: Sign with CLIENT PRIVATE KEY
- Sign this content using
sha256with rsa private key and make sure the public key have been uploaded to GebmePay Merchant Portal
| Type | Required | Description | Example |
|---|---|---|---|
| String | Yes | Sign the request data in Step 3 using PRIVATE_KEY | Response show as below |
Example of Signature
sha256 IrBg6t73VsH7ieEnQDB4CXHFjMWUkp8Dtddpxqw+4Gvz6Tag7Dx6nrfAt2ofYK8xZN9aBCvAKAfmAOGWIXnsTXfhFBnMA2kadiga7ufUJ81ozyhllbiliRM2ugw1OcqSTLRHWBPhrVwhHBxgDiG9wbuI3FKURrz+CufYYakFoCw=
Step 5: Place into Request Header
Put this Signature into header under X-Signature, construct the request and call API endpoint