Authentication
Finpay secured with signature
algorithm to ensure that the request or response cannot be intercepted and impersonated by unauthorized user. This signature is generated using SHA256.
Signature
1. Sort ascending parameter name
IE: json request is
{
"merchant_id": "ASDP931",
"trans_date": "20200709133629",
"timeout": "179",
"invoice": "W00201910137543",
"amount": "30500",
"sof_id": "finpay",
"sof_type": "pay",
"add_info1": "ADI ",
"add_info2": "adi.didi.supriadi@gmail.com",
"return_url": "http://dev.nutech-integrasi.com/asdp_api/v2/payment/finpay",
"success_url": "http://dev.nutech-integrasi.com/asdp_reservation/mybooking",
"failed_url": "http://dev.nutech-integrasi.com/asdp_reservation/mybooking",
"cust_email": "adi.didi.supriadi@gmail.com",
"cust_id": "11111",
"cust_msisdn": "081233778874",
"cust_name": "adi",
"items": "tiket",
"mer_signature": "ba748cbf53b3a1d1a00d16b76c1c7534c47bbdfd6e2137c5267a505b64d82c41"
}
2. Join all parameter value using % separated and uppercase
ADI %ADI.DIDI.SUPRIADI@GMAIL.COM%30500%ADI.DIDI.SUPRIADI@GMAIL.COM%11111%081233778874%ADI%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%W00201910137543%TIKET%ASDP931%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_API/V2/PAYMENT/FINPAY%FINPAY%PAY%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%179%20200709133629%
3. Add Merchant Password at the end of joining string
ADI %ADI.DIDI.SUPRIADI@GMAIL.COM%30500%ADI.DIDI.SUPRIADI@GMAIL.COM%11111%081233778874%ADI%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%W00201910137543%TIKET%ASDP931%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_API/V2/PAYMENT/FINPAY%FINPAY%PAY%HTTP://DEV.NUTECH-INTEGRASI.COM/ASDP_RESERVATION/MYBOOKING%179%20200709133629%yourpassword
4. Hash using sha256 and uppercase
98910DB545D9DEE5910A7752D9D452A9DC0D37176E2126895F42036DAD6FF461
Example code to generate signature
function createSignature($data,$pass){
$sign_component = mer_signature($data,$sortir='Y').$pass;
$sign_result = strtoupper(hash256($sign_component));
$sign_response['component'] = $sign_component;
$sign_response['result'] = $sign_result;
return($sign_response);
}
function mer_signature($dataArray,$sortir=''){
unset($dataArray['mer_signature']);
$result = array_filter($dataArray);
if($sortir=='Y'){
ksort ($result);
}
foreach($result as $key=>$val){
if(!empty($val)){
if(is_array($val)){
$output .= json_encode($val).'%';
}else{
$output .= $val.'%';
}
}
}
return strtoupper($output);
}