Skip to main content

Transaction Signature

For the purpose of system security, it is required to include the following parameters in the header when sending a transaction request:

HeaderContent
Content-Typetext/plain
X-Transaction-Signature{transaction_signature}

Required Parameters

  1. Transaction Secret: Obtained from the merchant backend (API Docking -> QR Ph Transaction Secret).
  2. Request Body: Content of the transaction request.

Generation Steps

  1. Apply the HMAC algorithm to sign (hash) the Request Body using the Transaction Secret as the key.
  2. Encode the resulting signature using base64.
public static String transactionSignature(String requestBody, String transactionSecret) {
try {
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(transactionSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
sha256_HMAC.init(secretKey);

byte[] hashBytes = sha256_HMAC.doFinal(requestBody.getBytes(StandardCharsets.UTF_8));

String signature = Base64.getEncoder().encodeToString(hashBytes);

return signature;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}