Transaction Signature
For the purpose of system security, it is required to include the following parameters in the header when sending a transaction request:
| Header | Content |
|---|---|
| Content-Type | text/plain |
| X-Transaction-Signature | {transaction_signature} |
Required Parameters
- Transaction Secret: Obtained from the merchant backend (API Docking -> QR Ph Transaction Secret).
- Request Body: Content of the transaction request.
Generation Steps
- Apply the HMAC algorithm to sign (hash) the Request Body using the Transaction Secret as the key.
- Encode the resulting signature using base64.
- PHP
- Java
- Python
function transcation_signature(string $request_body, string $transaction_secret): string
{
return base64_encode(hash_hmac('sha256', $request_body, $transaction_secret, true));
}
public static String transactionSignature(String requestBody, String transactionSecret) {
try {
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(transactionSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
sha256_HMAC.init(secretKey);
byte[] hashBytes = sha256_HMAC.doFinal(requestBody.getBytes(StandardCharsets.UTF_8));
String signature = Base64.getEncoder().encodeToString(hashBytes);
return signature;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
def transaction_signature(request_body, transaction_secret):
request_body_bytes = bytes(request_body, 'utf-8')
transaction_secret_bytes = bytes(transaction_secret, 'utf-8')
hash_object = hmac.new(transaction_secret_bytes, request_body_bytes, hashlib.sha256)
raw_signature = hash_object.digest()
signature = base64.b64encode(raw_signature).decode('utf-8')
return signature