Documentation
Search…
Signature Generation and Verification

Working With Signature

We use signature when data authenticity must be ensured before we process it, In such case you will need to generate signature and it into request body. In some cases we may also provide the signature in response which you can validate to ensure that the data you have received has not been ultered on the way.
You have to use your Encryption Key to generate or validate the signature.

Generation of Signature

Pseudo Code

1
Function generateSignature(Argument requestBody, Argument apiSecret)
2
dataString: Stores the string genereated from request body
3
signature: To store the generated signature
4
5
For each KEY1 and VALUE1 in requestBody, do
6
If VALUE1 is Array Then
7
For each KEY2 and VALUE2 in VALUE1, do
8
APPEND VALUE2 to dataString
9
APPEND '|' to dataString
10
EndFor
11
Else
12
APPEND VALUE1 to dataString
13
APPEND '|' to dataString
14
EndIf
15
EndFor
16
17
APPEND '#' to dataString
18
signature = HASH_HMAC_SHA_256(dataString, apiSecret)
19
return signature
20
End function
Copied!
PHP
Java
1
public function generateSignature($apiSecret, $requestBody) {
2
$dataString = '';
3
4
foreach ($requestBody as $key => $value) {
5
if (is_array($value)) {
6
foreach ($value as $_key => $_value) {
7
$dataString .= $_value;
8
$dataString .= '|';
9
}
10
} else {
11
$dataString .= $value;
12
$dataString .= '|';
13
}
14
}
15
16
$dataString .= '#';
17
18
$signature = hash_hmac('sha512', $dataString, $apiSecret);
19
return $signature;
20
}
Copied!
1
public String generateSignature(String apiSecret, Map<String, String> requestBody) {
2
try {
3
String[] signature = { "" };
4
requestBody.forEach((key, value) -> {
5
signature[0] += value;
6
signature[0] += "|";
7
8
});
9
signature[0] += "#";
10
return this.calculateHMAC(signature[0], apiSecret);
11
} catch (Exception e) {
12
System.out.println(e.getMessage());
13
return null;
14
}
15
}
16
17
private static String toHexString(byte[] bytes) {
18
Formatter formatter = new Formatter();
19
for (byte b : bytes) {
20
formatter.format("%02x", b);
21
}
22
return formatter.toString();
23
}
24
25
public static String calculateHMAC(String data, String key)
26
throws SignatureException, NoSuchAlgorithmException, InvalidKeyException
27
{
28
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(), "HmacSHA512");
29
Mac mac = Mac.getInstance("HmacSHA512");
30
mac.init(secretKeySpec);
31
return toHexString(mac.doFinal(data.getBytes()));
32
}
Copied!

Verification of the Signature

Pseudo Code

1
Function compareSignature(Argument responseData, Argument receivedSignature, Argument apiSecret)
2
3
dataString: Stores the string genereated from request body
4
signature: To store the generated signature
5
REMOVE_ARRAY_KEY(responseData['signature'])
6
7
For each KEY1 and VALUE1 in responseData, do
8
If VALUE1 is Array Then
9
For each KEY2 and VALUE2 in VALUE1, do
10
APPEND VALUE2 to dataString
11
APPEND '|' to dataString
12
EndFor
13
Else
14
APPEND VALUE1 to dataString
15
APPEND '|' to dataString
16
EndIf
17
EndFor
18
19
APPEND '#' to dataString
20
signature = HASH_HMAC_SHA_256(dataString, apiSecret)
21
22
If signature IS NOT EQUAL TO receivedSignature Then
23
Return False
24
Else
25
Return True
26
EndIf
27
28
EndFunction
Copied!
PHP
1
function compareSignature($transactionData, $receivedSignature, $apiSecret) {
2
$dataString = '';
3
4
// Unset signature from data
5
unset($transactionData['signature']);
6
7
foreach ($transactionData as $key => $value) {
8
if (is_array($value)) {
9
foreach ($value as $_key => $_value) {
10
$dataString .= $_value;
11
$dataString .= '|';
12
}
13
} else {
14
$dataString .= $value;
15
$dataString .= '|';
16
}
17
}
18
$dataString .= '#';
19
20
// Creating signature
21
$signature = hash_hmac('sha512', $dataString, $apiSecret);
22
23
if(hash_equals($receivedSignature, $signature)) {
24
// Signature match
25
return true;
26
}
27
28
// Signature mismatch
29
return false;
30
}
Copied!
Last modified 11mo ago