Subscriptions

Suggest Edits

Steps for Signature Verification

  1. Extract Signature: Extract the signature from the subscription data.
  2. Extract Data: Extract the relevant data fields from the subscription data.
  3. Recreate Message: Recreate the message by concatenating the extracted data fields.
  4. Compute Signature: Compute the signature using the same algorithm and secret key used for generating the original signature.
  5. Compare Signatures: Compare the extracted signature with the computed signature.
  6. Verification: If the two signatures match, the subscription data is considered valid. Otherwise, it may have been tampered with.

Example Code (Python)


import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/base64"
)

type RequestObj struct {
    Amount string
    ClientKey string
    Currency string
    Frequency string
    MerchantOrderRef string
}

func GenerateSignature(requestObj RequestObj, secretKey string) string {
    params := make(url.Values)
    params.Add("amount", requestObj.Amount)
    params.Add("client_key", requestObj.ClientKey)
    params.Add("currency", requestObj.Currency)
    params.Add("frequency", requestObj.Frequency)
    params.Add("merchant_order_ref", requestObj.MerchantOrderRef)

    data := params.Encode()

    secret := []byte(secretKey)
    message := []byte(data)

    hash := hmac.New(sha256.New, secret)
    hash.Write(message)

    // to base64
    hash_value := base64.StdEncoding.EncodeToString(hash.Sum(nil))
    return hash_value
}

Updated 7 days ago