Digital Signature SIJITU
To ensure payment requests come from registered ESPAY merchants, merchants will sign the payload using the SHA256 algorithm then ESPAY will verify the signature.
API Signature
Signature Elements
| API | Combination |
| Inquiry Balance | rq_uuid + sender_id + user_id + CHECKBALANCE + Signature Key |
| Inquiry Name Search | rq_uuid + sender_id + user_id + find_name + similarity + INQUIRYNAMESEARCH + Signature Key |
| Verify Biometric | rq_uuid + sender_id + user_id + nomor_identitas + BIOMETRIC + Signature Key |
| Basic Verification | rq_uuid + sender_id + user_id + nomor_identitas + name + BASICVERIFY + Signature Key |
| Batch Search | rq_uuid + sender_id + user_id + organization_id + BATCHSEARCH + Signature Key |
| Check Status Batch Search | rq_uuid + sender_id + user_id + organization_id + batch_id + CHECKSTATUSBATCHSEARCH + Signature Key |
| List Scoring | rq_uuid + sender_id + user_id + organization_id + LISTSCORING + Signature Key |
| Question Scoring | rq_uuid + sender_id + user_id + organization_id + id_scoring + QUESTIONSCORING + Signature Key |
| Answer Scoring | rq_uuid + sender_id + user_id + organization_id + id_scoring + status_pep + ANSWERSCORING + Signature Key |
| Result Scoring | rq_uuid + sender_id + user_id + organization_id + risk_scoring_id + RESULTSCORING + Signature Key |
| Batch Search Upload File | rq_uuid + sender_id + user_id + organization_id + UPLOADBATCHDATA + Signature Key |
| Get Income Personal | rq_uuid + sender_id + user_id + nomor_identitas + npwp + GETINCOMEPERSONAL + Signature Key |
| Verify OCR | rq_uuid + sender_id + user_id + organization_id + OCR + Signature Key |
Steps:
Here is an example for creating a signature for Inquiry Balance
Sample data:
Signature Key : gloaoyfuoqlz03q3
user_id : sijitutestmerchant
Salt string : CHECKBALANCE
- Step 1
- Step 2
- Step 3
Combine all parameters used in sequence, separated by "##"
##rq_uuid## sender_id ##user_id##salt string##signatureKey##
So, the result is:
##rquuidtestapisijitu02987001##MERCHANT_SIJITU##sijitutestmerchant##CHECKBALANCE##gloaoyfuoqlz03q3##
Capitalization result from Step 1:
##RQUUIDTESTAPISIJITU02987001##MERCHANT_SIJITU##SIJITUTESTMERCHANT##CHECKBALANCE##GLOAOYFUOQLZ03Q3##
a hashed result of Step 2 using the sha256 method:
hash(“sha256”, ##RQUUIDTESTAPISIJITU02987001##MERCHANT_SIJITU##SIJITUTESTMERCHANT##CHECKBALANCE##GLOAOYFUOQLZ03Q3##)
Result : 1c2acc38d8d5c15b3bb04fb05ebf47281dbe7c48714f9bc5362cd12ab8d57bcd
Use the result from Step 3 as the signature value.