Skip to main content

Authentication

Finpay secured with signature algorithm to ensure that the request or response cannot be intercepted and impersonated by unauthorized user. This signature is generated using SHA256.

Signature

1. Sort ascending parameter name

IE: json request is

{
  "merchant_id": "ASDP931",
  "trans_date": "20200709133629",
  "timeout": "179",
  "invoice": "W00201910137543",
  "amount": "30500",
  "sof_id": "finpay",
  "sof_type": "pay",
  "add_info1": "ADI ",
  "add_info2": "adi.didi.supriadi@gmail.com",
  "return_url": "http://dev.nutech-integrasi.com/asdp_api/v2/payment/finpay",
  "success_url": "http://dev.nutech-integrasi.com/asdp_reservation/mybooking",
  "failed_url": "http://dev.nutech-integrasi.com/asdp_reservation/mybooking",
  "cust_email": "adi.didi.supriadi@gmail.com",
  "cust_id": "11111",
  "cust_msisdn": "081233778874",
  "cust_name": "adi",
  "items": "tiket",
  "mer_signature": "ba748cbf53b3a1d1a00d16b76c1c7534c47bbdfd6e2137c5267a505b64d82c41"
}

2. Join all parameter value using % separated and uppercase

 ADI %ADI.DIDI.SUPRIADI@GMAIL.COM%30500%ADI.DIDI.SUPRIADI@GMAIL.COM%11111%081233778874%ADI%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%W00201910137543%TIKET%ASDP931%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_API/V2/PAYMENT/FINPAY%FINPAY%PAY%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%179%20200709133629%

3. Add Merchant Password at the end of joining string

ADI %ADI.DIDI.SUPRIADI@GMAIL.COM%30500%ADI.DIDI.SUPRIADI@GMAIL.COM%11111%081233778874%ADI%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%W00201910137543%TIKET%ASDP931%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_API/V2/PAYMENT/FINPAY%FINPAY%PAY%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%179%20200709133629%yourpassword

4. Hash using sha256 and uppercase

 98910DB545D9DEE5910A7752D9D452A9DC0D37176E2126895F42036DAD6FF461

Example code to generate signature

function createSignature($data,$pass){
	$sign_component = mer_signature($data,$sortir='Y').$pass;
	$sign_result = strtoupper(hash256($sign_component));
	$sign_response['component'] = $sign_component;
	$sign_response['result'] = $sign_result;
	return($sign_response);
}

function mer_signature($dataArray,$sortir=''){
	unset($dataArray['mer_signature']);
	$result = array_filter($dataArray);
	if($sortir=='Y'){
		ksort ($result);
	}
	foreach($result as $key=>$val){
		if(!empty($val)){
			if(is_array($val)){
				$output .= json_encode($val).'%';
			}else{
				$output .= $val.'%';
			}
		}
	}
	return strtoupper($output);
}