The seal (to be sent in the Hmac field) is calculated using a cryptographic hash function. It is combined with a merchant key that complies with the specifications of RFC 2104. This function will generate the seal from the data to be certified and the merchant security key in its octal form.
Points of attention when calculating the seal :
• The spaces at the beginning and at the end of each field are removed (Trim).
• Specify the encoding of the character string used for the calculation of the HMAC seal (to check if it is compatible with the encoding set for the merchant).
It is the merchant's responsibility to keep the key used by the hash function secure and confidential by using the best tools available in their environment.
This key will be provided by Floa.
The security key is represented by 40 hexadecimal characters (for example: 0123456789ABCDEF0123456789ABCDEF01234567). This representation must be converted to a 20-byte string before use.
Data to be certified
| Data | Hash chain |
|---|---|
| MerchantId | To be certified |
| MerchantSiteId | To be certified |
| Order/ShoppingCartRef | To be certified |
| PaymentOptionRef | To be certified |
| Order/TotalAmount | To be certified |
| freeText | To be certified if completed |
Hash chain (without freeText)
merchantID*merchantSiteID*ShoppingCartRef*PaymentOptionRef*TotalAmount*
Hash chain (with freeText)
merchantID*merchantSiteID*ShoppingCartRef*PaymentOptionRef*TotalAmount*freeText*
Sample code
public static string ComputeHMACSHA1_UTF8(string key, string value)
{
// 1. Converts key and value into byte array.
byte[] keyBytes = UTF8Encoding.UTF8.GetBytes(key);
byte[] valueBytes = UTF8Encoding.UTF8.GetBytes(value);
// 2. Initialize hmac computer
HMACSHA1 hmacSha1Computer = new HMACSHA1(keyBytes);
// 3. Performs hash
byte[] hmacBytes = hmacSha1Computer.ComputeHash(valueBytes);
// 4. Format the hash into string format.
return BitConverter.ToString(hmacBytes).Replace("-", string.Empty);
}
hash_hmac('sha1', $value, $key, false);