Authentication

Finpay secured with signature algorithm to ensure that the request or response cannot be intercepted and impersonated by unauthorized user. This signature is generated using SHA256.

Signature

1. Sort ascending parameter name

IE: json request is

{
  "failed_url": "http://ec2-18-140-83-171.ap-southeast-1.compute.amazonaws.com:8109/payment/paymentStatusSuccess",
  "success_url": "http://ec2-18-140-83-171.ap-southeast-1.compute.amazonaws.com:8109/payment/paymentStatusFailed",
  "return_url": "http://servicebussit.telkom.co.id:9001/TelkomSystem/Finnet/Services/ProxyService/notifDeposit",
  "sof_type": "pay",
  "sof_id": "tcash",
  "cust_name": "Pccw Five One",
  "cust_email": "pccwtest51@gmail.com",
  "cust_msisdn": "000100661146",
  "cust_id": "100661146",
  "amount": "10000",
  "invoice": "202007081605",
  "trans_date": "20200708160606",
  "merchant_id": "MYINDHM869",
  "timeout": "180",
  "add_info2": "100661146",
  "add_info1": "Pccw Five One",
  "mer_signature": "666a6f8204a4c70c789d20ccfdda9dea4db82a5c4dcd9208a647960452d62200",
  "items": [["deposit-000100661146-100661146", "10000", 100661146]]
}

2. Join all parameter value using % separated and uppercase

PCCW FIVE ONE%100661146%10000%PCCWTEST51@GMAIL.COM%100661146%000100661146%PCCW FIVE ONE%HTTP://EC2-18-140-83-171.AP-SOUTHEAST-1.COMPUTE.AMAZONAWS.COM:8109/PAYMENT/PAYMENTSTATUSSUCCESS%202007081605%[["DEPOSIT-000100661146-100661146","10000",100661146]]%MYINDHM869%HTTP://SERVICEBUSSIT.TELKOM.CO.ID:9001/TELKOMSYSTEM/FINNET/SERVICES/PROXYSERVICE/NOTIFDEPOSIT%TCASH%PAY%HTTP://EC2-18-140-83-171.AP-SOUTHEAST-1.COMPUTE.AMAZONAWS.COM:8109/PAYMENT/PAYMENTSTATUSFAILED%180%20200708160606%

3. Add Merchant Password at the end of joining string

PCCW FIVE ONE%100661146%10000%PCCWTEST51@GMAIL.COM%100661146%000100661146%PCCW FIVE ONE%HTTP://EC2-18-140-83-171.AP-SOUTHEAST-1.COMPUTE.AMAZONAWS.COM:8109/PAYMENT/PAYMENTSTATUSSUCCESS%202007081605%[["DEPOSIT-000100661146-100661146","10000",100661146]]%MYINDHM869%HTTP://SERVICEBUSSIT.TELKOM.CO.ID:9001/TELKOMSYSTEM/FINNET/SERVICES/PROXYSERVICE/NOTIFDEPOSIT%TCASH%PAY%HTTP://EC2-18-140-83-171.AP-SOUTHEAST-1.COMPUTE.AMAZONAWS.COM:8109/PAYMENT/PAYMENTSTATUSFAILED%180%20200708160606%yourpassword

4. Hash using sha256 and uppercase

666A6F8204A4C70C789D20CCFDDA9DEA4DB82A5C4DCD9208A647960452D62200

Example code to generate signature

function createSignature($data,$pass){
	$sign_component = mer_signature($data,$sortir='Y').$pass;
	$sign_result = strtoupper(hash256($sign_component));
	$sign_response['component'] = $sign_component;
	$sign_response['result'] = $sign_result;
	return($sign_response);
}

function mer_signature($array,$sortir=''){
	unset($array['mrc_signature']);
	unset($array['mer_signature']);
	unset($array['fin_securehash']);
	unset($array['signature']);
	$result = array_filter($array);
	if($sortir=='Y'){
		ksort ($result);
	}
	foreach($result as $key=>$val){
		if(!empty($val)){
			if(is_array($val)){
				$output .= json_encode($val).'%';
			}else{
				$output .= $val.'%';
			}
		}
	}
	return strtoupper($output);
}

Signature​

1. Sort ascending parameter name​

2. Join all parameter value using % separated and uppercase​

3. Add Merchant Password at the end of joining string​

4. Hash using sha256 and uppercase​