Documentation
Documentation
Getting Started
PayKun Basic-Know-How
Registration Guide
Payment Life Cycle
Payments
PayKun Merchant Dashboard
PayKun Payment Links
PayKun Developer’s Hub
Getting Started
Test Environment
API Encryption Key Guide
Web Integration
Understanding Integration
Request
Encryption
Response
Error Codes
PHP
Python
.Net
JS Checkout
Mobile Integration
eCommerce Integration
API Reference Guide
Test Card Information
Powered by GitBook

Encryption

All server to server data should be encrypted using AES-256-CBC with HMAC. Pseudo Code for encryption is explained below:

Input: plain_text Input: api_secret iv=generated random 16 byte enc_text=Encrypt plain_text Using AES-256-CBC,
api_secret & iv b_iv=Base64 Encode iv concat_string=b_iv + enc_text [Concat string] mac=Generate SHA256 Hash of concat_string using api_secret [HMAC] data_array=array of iv,
enc_text,
mac json_string=Convert data_array into Json String final_encrypted_text=Base64 Encode json_string

PHP Example

function encrypt($text, $key) {
    $iv = random_bytes(16);
    $value = openssl_encrypt(serialize($text), 'AES-256-CBC', $key, 0, $iv);
    $bIv = base64_encode($iv);
    $mac = hash_hmac('sha256', $bIv.$value, $key);
    $c_arr = ['iv' => $bIv, 'value' => $value, 'mac' => $mac];
    $json = json_encode($c_arr);
    $crypted = base64_encode($json);
    return $crypted;
}

Encryption should be done using the API Secret Key.

Note: Do not transfer or send this API Secret Key in any request. Do not share API Secret Key with anyone for security reasons.

​

Previous
Request
Next
Response
Last updated 3 months ago