Signature
All requests from ESPAY Server will include signature parameter. All merchants should validate this parameter to ensure that the request strictly comes from ESPAY server.
The transaction signature is generated using SHA256 hash algorithm and the seeds to construct the transaction signature are as follows:
- Signature Key(Key)
- rq_uuid
- tx_id
- Mode
- MERCHANTPAYMENTNOTIF
- MERCHANTCHECKINVOICE
- CHECKINVOICE
Key is used to generate signature and is provided by ESPAY Integration Team
Unique UUID request parameter, available upon request
Merchant’s transaction ID
This parameter differentiates the signature on each request. This mode consists of
If request is Merchant Payment Notification
If request is Merchant Check Invoice
If request is Tagih Check Invoice
The signature sequence order is as follows:
- Merchant Payment Notification:
- Signature Key
- rq_uuid
- tx_id
- Mode : MERCHANTPAYMENTNOTIF
- Merchant Check Invoice:
- Signature Key
- rq_uuid
- Mode : MERCHANTCHECKINVOICE
- Tagih Check Invoice:
- Signature Key
- rq_uuid
- Mode : CHECKINVOICE
The fields must be set in the following order, separated by a ##
##KEY##rq_uuid##tx_id##mode##
Next, the string will have to be converted to UPPERCASE before hashing is done.
Example:
##7bc074f97c3131d2e290a4707a54a623##baefa025e0ca44861DD12afzs##145000065##MERCHANTPAYMENTNOTIF##
Please uppercase all the string to become like this
##7BC074F97C3131D2E290A4707A54A623##BAEFA025E0CA44861DD12AFZS##145000065##MERCHANTPAYMENTNOTIF##
The result after hashing using sha256 algorithm will be
0e9d06cd4d2cfff90e666ffaeafe49bdb227b4f9409215b874841cdba45ed740