Documentation
  • Getting Started
  • PayKun Basic-Know-How
    • Registration Guide
    • Payment Life Cycle
    • Payments
    • PayKun Merchant Dashboard
    • PayKun Payment Links
  • PayKun Developer’s Hub
    • Getting Started
      • General Payment Flow with API
      • ‌Authentication
      • Types of Integration
    • Test Environment
    • API Encryption Key Guide
    • Web Integration
      • Understanding Integration
        • Request
        • Encryption
        • Response
        • Error Codes
      • PHP
      • Python
      • .Net
      • JS Checkout
    • Mobile Integration
      • Android SDK
      • iOS SDK
    • eCommerce Integration
      • OpenCart
      • PrestaShop Modules
      • Paykun WHMCS Kit
      • Wordpress_v4.x_Donation
      • WooCommerce
      • Magento
    • Webhooks
    • API Reference Guide
    • Signature Generation and Verification
    • Test Card Information
Powered by GitBook
On this page
  • Working With Signature
  • Generation of Signature
  • Verification of the Signature

Was this helpful?

  1. PayKun Developer’s Hub

Signature Generation and Verification

PreviousAPI Reference GuideNextTest Card Information

Last updated 4 years ago

Was this helpful?

Working With Signature

We use signature when data authenticity must be ensured before we process it, In such case you will need to generate signature and it into request body. In some cases we may also provide the signature in response which you can validate to ensure that the data you have received has not been ultered on the way.

You have to use your to generate or validate the signature.

Generation of Signature

Pseudo Code

Function generateSignature(Argument requestBody, Argument apiSecret)
	dataString: Stores the string genereated from request body
	signature: To store the generated signature

	For each KEY1 and VALUE1 in requestBody, do
		If VALUE1 is Array Then
			For each KEY2 and VALUE2 in VALUE1, do
				APPEND VALUE2 to dataString
				APPEND '|' to dataString
			EndFor
		Else
			APPEND VALUE1 to dataString
			APPEND '|' to dataString
		EndIf
	EndFor

	APPEND '#' to dataString
	signature = HASH_HMAC_SHA_256(dataString, apiSecret)
	return signature
End function
public function generateSignature($apiSecret, $requestBody) {
    $dataString = '';

    foreach ($requestBody as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $_key => $_value) {
                $dataString .= $_value;
                $dataString .= '|';
            }
        } else {
            $dataString .= $value;
            $dataString .= '|';
        }
    }

    $dataString .= '#';

    $signature = hash_hmac('sha512', $dataString, $apiSecret);
    return $signature;
}
public String generateSignature(String apiSecret, Map<String, String> requestBody) {
    try {
    String[] signature = { "" };
    requestBody.forEach((key, value) -> {
    signature[0] += value;
    signature[0] += "|";
   
            });
    signature[0] += "#";
    return this.calculateHMAC(signature[0], apiSecret);
    } catch (Exception e) {
    System.out.println(e.getMessage());
    return null;
    }
}
    
private static String toHexString(byte[] bytes) {
Formatter formatter = new Formatter();
for (byte b : bytes) {
formatter.format("%02x", b);
}
return formatter.toString();
}

public static String calculateHMAC(String data, String key)
throws SignatureException, NoSuchAlgorithmException, InvalidKeyException
{
SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(), "HmacSHA512");
Mac mac = Mac.getInstance("HmacSHA512");
mac.init(secretKeySpec);
return toHexString(mac.doFinal(data.getBytes()));
}

Verification of the Signature

Pseudo Code

Function compareSignature(Argument responseData, Argument receivedSignature, Argument apiSecret)
	
	dataString: Stores the string genereated from request body
	signature: To store the generated signature
	REMOVE_ARRAY_KEY(responseData['signature'])
	
	For each KEY1 and VALUE1 in responseData, do
		If VALUE1 is Array Then
			For each KEY2 and VALUE2 in VALUE1, do
				APPEND VALUE2 to dataString
				APPEND '|' to dataString
			EndFor
		Else
			APPEND VALUE1 to dataString
			APPEND '|' to dataString
		EndIf
	EndFor
	
	APPEND '#' to dataString
	signature = HASH_HMAC_SHA_256(dataString, apiSecret)
	
	If signature IS NOT EQUAL TO receivedSignature Then
		Return False
	Else
		Return True
	EndIf
	
EndFunction
function compareSignature($transactionData, $receivedSignature, $apiSecret) {
$dataString = '';

// Unset signature from data
unset($transactionData['signature']);

foreach ($transactionData as $key => $value) {
if (is_array($value)) {
foreach ($value as $_key => $_value) {
    $dataString .= $_value;
    $dataString .= '|';
    }
} else {
$dataString .= $value;
$dataString .= '|';
}
}
$dataString .= '#';

// Creating signature
$signature = hash_hmac('sha512', $dataString, $apiSecret);

if(hash_equals($receivedSignature, $signature)) {
// Signature match
return true;
}

// Signature mismatch
return false;
}
Encryption Key