Computing the Protocol Signature

API Response Protocol Signing


The Intrapay System response signature (pSign) is the SHA1 hash involving the merchant passcode concatenated with several parameters listed in the following examples. This signature will keep the protocol very secure and block any unauthorized calls to the API.

Please note that the pSign calculation will always use the EXACT values of the parameters needed, and NOT their urlencoded values!


Intrapay pSign used in JSON responses:

If we take as an example the previous HTTP call with pSign above, the Intrapay Response signature (pSign) will be the SHA1 hash applied to the string composed from the Merchant passcode 1sd4#f@*7fd4 concatenated with 34 (the merchant id), fcdd511663ff60de6a7cfe0acb5fba01d402e938 (the Request pSign), the response code and the reason code (both contained in the response).

Therefore, a valid Intrapay Response on this recurrent transaction example will contain the following pSign (in the case of a successful transaction, response code 1 with reason code 1) – 5d57285b19fbd85d00f387ef0447282f15b04d06.

Example of pSign in case of JSON Successful Response:

{
	"responseCode":1,
	"reasonCode":1,
	"order": {
		"orderID":"1345",
		"reference":"A00000001B0000000000001345",
		"settlementAmount":"128.00",
		"settlementCurrency":"EUR",
		"entryDate":"2012-03-13 13:19:50",
		"dueDate":"2012-03-13 23:59:00"
	},
	"pSign":"5d57285b19fbd85d00f387ef0447282f15b04d06"
}

Other valid Intrapay Response for the recurrent transaction example above would show in case of an error (response code 3 with reason code 105) the following pSign – b2f52bc917bf2c24204b68af511d022011ef25c4.

Example of pSign in case of JSON Error Response:

{
	"responseCode":3,
	"reasonCode":105,
	"pSign":"b2f52bc917bf2c24204b68af511d022011ef25c4"
}

Intrapay pSign used in HTTP responses with customer redirects:

Following our example, the Intrapay response signature (pSign) used in HTTP response with customer redirects will be the SHA1 hash applied to the string composed from the Merchant passcode 1sd4#f@*7fd4 concatenated with all parameter values (not urlencoded) used in that redirect according to their order.


Example of pSign in case of a Successful customer redirect:

https://www.mysite.com/notify?
responseCode=1&reasonCode=1
&transactionID=20140905-2CBBC34D822EAC4FB4B6-2C7D528CC5A57B925FD6
&amount=250.00¤cy=EUR&orderID=16779
&executed=2012-03-16+14%3A02%3A29
&bankResultCode=018021&bankAuthCode=690345
&pSign=7da93b59dd7ad9cf61762c45c60ce8e3f96aebc8

The pSign was calculated as the SHA1 of the following string composed from the concatenated values below.
Please note the “executed” parameter urldecoded value when used in pSign hash calculation):

1sd4#f@*7fd4 + 1 + 1 + 20140905-2CBBC34D822EAC4FB4B6-2C7D528CC5A57B925FD6 + 250.00 + EUR + 16779 + 2012-03-16 14:02:29 + 018021 + 690345

Resulting string used to be hashed: 1sd4#f@*7fd41120140905-2CBBC34D822EAC4FB4B6-2C7D528CC5A57B925FD6250.00EUR167792012-03-16 14:02:29018021690345


Example of pSign in case of an Error in customer redirect:

https://www.mysite.com/notify?responseCode=3&reasonCode=105
&transactionID=20140905-2CBBC34D822EAC4FB4B6-2C7D528CC5A57B925FD6
&amount=250.00¤cy=EUR&orderID=1345
&executed=2012-03-16+14%3A02%3A29
&pSign=a02ea0f351bd76962ef33334cbe2cd115153721c

The pSign was calculated as the SHA1 of the following string composed from the concatenated values below.
Please note the “executed” parameter urldecoded value when used in pSign hash calculation):

1sd4#f@*7fd4 + 3 + 105 + 20140905-2CBBC34D822EAC4FB4B6-2C7D528CC5A57B925FD6 + 250.00 + EUR + 16779 + 2012-03-16 14:02:29 + 018021 + 690345

Resulting string used to be hashed: 1sd4#f@*7fd4310520140905-2CBBC34D822EAC4FB4B6-2C7D528CC5A57B925FD6250.00EUR167792012-03-16 14:02:29018021690345


Please note that every request to the Intrapay API should contain a valid signature (pSign parameter) and upon valid requests each response from the Intrapay system will contain the corresponding pSign. Also, the Merchant should validate the pSign (if returned) from the Intrapay response for better security and in order to avoid errors!