Calculation of the HMAC

The seal (to be sent in the Hmac field) is calculated using a cryptographic hash function. It is combined with a merchant key that complies with the specifications of RFC 2104. This function will generate the seal from the data to be certified and the merchant security key in its octal form.

Points of attention when calculating the seal :
• The spaces at the beginning and at the end of each field are removed (Trim).
• Specify the encoding of the character string used for the calculation of the HMAC seal (to check if it is compatible with the encoding set for the merchant).

It is the merchant's responsibility to keep the key used by the hash function secure and confidential by using the best tools available in their environment.

This key will be provided by Floa.

The security key is represented by 40 hexadecimal characters (for example: 0123456789ABCDEF0123456789ABCDEF01234567). This representation must be converted to a 20-byte string before use.

Data to be certified

DataHash chain
MerchantIdTo be certified
MerchantSiteIdTo be certified
Order/ShoppingCartRefTo be certified
PaymentOptionRefTo be certified
Order/TotalAmountTo be certified
freeTextTo be certified if completed

Hash chain (without freeText)


Hash chain (with freeText)


Sample code

public static string ComputeHMACSHA1_UTF8(string key, string value)
  // 1. Converts key and value into byte array. 
  byte[] keyBytes = UTF8Encoding.UTF8.GetBytes(key); 
  byte[] valueBytes = UTF8Encoding.UTF8.GetBytes(value); 
  // 2. Initialize hmac computer 
  HMACSHA1 hmacSha1Computer = new HMACSHA1(keyBytes); 
  // 3. Performs hash 
  byte[] hmacBytes = hmacSha1Computer.ComputeHash(valueBytes); 
  // 4. Format the hash into string format. 
  return BitConverter.ToString(hmacBytes).Replace("-", string.Empty); 
hash_hmac('sha1', $value, $key, false);