Signature Algorithm
- Signature algorithm is used to sign your payment API request with a private key to obtain additional security.
- Data object needs to be sorted, the Nested object also needs to be sorted.
Step 1 : Prepare a Request Parameter
Method : POST
- Refer to which API endpoint you are calling , below request parameter is just an EXAMPLE
Example of Create Payment URL
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
order |
Object | Yes | order information, with keys of [id, title, amount, currencyType, additionalData] |
|
customer |
Object | Yes | customer information, with keys of [name, phone, email] |
|
method |
String | No | List of Type, please refer to Deposit / Payment, If this is given, user will be redirected straight to the specific 3rd party payment page. If not, user will be redirected to Payment page to select the Payment Method |
Order [Object]
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
title |
String | Yes | Order title, max: 32 | "Deposit" |
additionalData |
String | No | Order description | |
amount |
String | Yes | Amount of order in Dollar. 100 = MYR 100.00 | 100 |
currencyType |
String | Yes | Currency notation (currently only support MYR)
|
"MYR" |
id |
String | Yes | ID of the Order | |
logoUrl |
String | No | Display merchant logo at payment page |
Customer [Object]
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
name |
String | Yes | Customer Name | "Long Wan" |
email |
String | Yes | Customer Email | "" |
phone |
String | Yes | Customer Phone Number | "" |
Example Request
{
"order": {
"id": "A20221111",
"title": "Payment",
"amount": "88.50",
"currencyType": "MYR",
"additionalData": "",
"logoUrl": "https://picsum.photos/200"
},
"customer": {
"name": "Long Wan",
"phone": "0123456789",
"email": "[email protected]"
},
"method": ""
}
- Sort the above json key alphabetically and make it compact
Step 2 : Encode the data using Base64 format
eyJjdXN0b21lciI6eyJuYW1lIjoiTG9uZyBXYW4iLCJwaG9uZSI6IjAxMjM0NTY3ODkiLCJlbWFpbCI6Imxvbmd3YW5AZ21haWwuY29tIn0sIm1ldGhvZCI6IiIsIm9yZGVyIjp7ImlkIjoiQTIwMjIxMTExIiwidGl0bGUiOiJQYXltZW50IiwiYW1vdW50IjoiODguNTAiLCJjdXJyZW5jeVR5cGUiOiJNWVIiLCJhZGRpdGlvbmFsRGF0YSI6IiIsImxvZ29VcmwiOiJodHRwczovL3BpY3N1bS5waG90b3MvMjAwIn19
Step 3: Construct plain text parameters
- if the body is empty then the
dataparameter can be skip
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
data |
String | Yes | Base64 data body from Step 2. | Refer to Step 2 |
method |
String | Yes | HTTP call method used | "post" |
nonceStr |
String | Yes | Random string | "VYNknZohxwicZMaWbNdBKUrnrxDtaRhN" |
requestUrl |
String | Yes | API URL that you call must be exactly the same, together with URL. | gateway/v1/createPayment |
signType |
String | Yes | Sign Type, prefer SHA-256 | "sha256" |
timestamp |
String | Yes | UNIX timestamp of request | "1527407052" |
Example
data=eyJjdXN0b21lciI6eyJuYW1lIjoiTG9uZyBXYW4iLCJwaG9uZSI6IjAxMjM0NTY3ODkiLCJlbWFpbCI6Imxvbmd3YW5AZ21haWwuY29tIn0sIm1ldGhvZCI6IiIsIm9yZGVyIjp7ImlkIjoiQTIwMjIxMTExIiwidGl0bGUiOiJQYXltZW50IiwiYW1vdW50IjoiODguNTAiLCJjdXJyZW5jeVR5cGUiOiJNWVIiLCJhZGRpdGlvbmFsRGF0YSI6IiIsImxvZ29VcmwiOiJodHRwczovL3BpY3N1bS5waG90b3MvMjAwIn19&method=post&nonceStr=VYNknZohxwicZMaWbNdBKUrnrxDtaRhN&requestUrl=gateway/v1/createPayment&signType=sha256×tamp=1527407052
Step 4: Sign with CLIENT PRIVATE KEY
- Sign this content using
sha256with rsa private key and make sure the public key have been uploaded to KIRA Merchant Portal
| Type | Required | Description | Example |
|---|---|---|---|
| String | Yes | Sign the request data in Step 3 using PRIVATE_KEY | Response show as below |
Example of Signature
sha256 IrBg6t73VsH7ieEnQDB4CXHFjMWUkp8Dtddpxqw+4Gvz6Tag7Dx6nrfAt2ofYK8xZN9aBCvAKAfmAOGWIXnsTXfhFBnMA2kadiga7ufUJ81ozyhllbiliRM2ugw1OcqSTLRHWBPhrVwhHBxgDiG9wbuI3FKURrz+CufYYakFoCw=
Step 5: Place into Request Header
Put this Signature into header under X-Signature, construct the request and call API endpoint