Generating the Hash/Sign

Main Goal

Our top priority is to keep communication safe. To prevent impersonation attempts, all requests must include a Hash-based Message Authentication Code (HMAC) using the SHA256 hash function.

Practices

To ensure that the information received by P4F matches what the Merchant sends, specific request details must be encrypted along with the Merchant's secret. Use your Merchant Key as the encryption key for this purpose.

It's important to note that each request type requires a unique seed string, created from parts of the request itself, to generate the hash. Any request with an incorrect hash will be rejected, and you will receive an error message: "merchant_not_authorized."

For guidance on generating hashes in C sharp, please refer to APENDIX - Generating the Hash or Sign. Additionally, you can access an online tool for generating hashes at this URL. This tool will help you test and verify that you are generating hashes correctly.

Method Sample

The method provided in C Sharp should serve as a guideline for generating all the necessary API hashes, and remember to use your Merchant Key as the encryption key.

public string HMACSHA256(string toBeEncripted, string merchantKey)
{
    byte[] key = Encoding.UTF8.GetBytes(merchantKey);
    using (HMACSHA256 hmac = new HMACSHA256(key))
    {
        hmac.Initialize();
        byte[] bytes_hmac_in =
        Encoding.UTF8.GetBytes(toBeEncripted);
        byte[] bytes_hamc_out =
        hmac.ComputeHash(bytes_hmac_in);
        string str_hamc_out =
        BitConverter.ToString(bytes_hamc_out);
        str_hamc_out = str_hamc_out.Replace("-", "");
        return str_hamc_out;
    }
}

Ees that your hash creation is in line with our standards.