Security
How to make safe payment requests.
Signature
The signature should use SHA256 as HMAC hash function.
Header
Type
Description
Content-Type
string
application/json; charset=UTF-8
AppId
string
Your App ID in payout platform
Authorization
string
SHA256($sorted_params + $app_key)
Sign Method
Ascendingly, sorted request params, check examples below;
Concatenate sorted_params with app_key.
Use sha256(sorted_params + app_key) to get the Authorization.
Letters in Authorization need to be lower case.
Sign Coding Example
package com.pagsmile.ts;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.TreeMap;
public static String getSign(Map<String, String> params, String authKey) {
String param = sortParam(params) + authKey;
return sha256(param);
}
public static String sha256(String str) {
String encodeStr = "";
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] encodedhash = digest.digest(str.getBytes(StandardCharsets.UTF_8));
encodeStr = bytesToHex(encodedhash);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("algorithm not supported");
}
return encodeStr;
}
public static String sortParam(Map<String, String> params) {
try {
Map<String, String> map = new TreeMap<>(params);
StringBuilder sb = new StringBuilder();
for (String k : map.keySet()) {
String v = map.get(k);
if (v != null && v.length() > 0) {
sb.append(k).append("=").append(v).append("&");
}
}
if (sb.length() <= 0) {
return "";
}
return sb.subSequence(0, sb.length() - 1).toString();
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
private static String bytesToHex(byte[] hash) {
StringBuilder hexString = new StringBuilder(2 * hash.length);
for (int i = 0; i < hash.length; i++) {
String hex = Integer.toHexString(0xff & hash[i]);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
}
Sign Example
Sample request:
{
"account_digit": "4",
"account_number": "1234567",
"account_type": "CHECKING",
"additional_remark": "1234567_test",
"amount": "10.00",
"bankcode": "001",
"branch": "0001",
"custom_code": "1234567",
"document_id": "50284414727",
"document_type": "CPF",
"fee": "merchant",
"name": "Test User Name",
"notify_url": "https://www.pagsmile.com",
"payout_currency": "BRL",
"source_currency": "BRL"
}
Sorted parameter before hash:
account_digit=4&account_number=1234567&account_type=CHECKING&additional_remark=1234567_test&amount=10.00&bankcode=001&branch=0001&custom_code=1234567&document_id=50284414727&document_type=CPF&fee=merchant&name=Test User Name¬ify_url=https://www.pagsmile.com&payout_currency=BRL&source_currency=BRL
Concatenate sorted_params with app_key (exmaple app key ABCDE) :
account_digit=4&account_number=1234567&account_type=CHECKING&additional_remark=1234567_test&amount=10.00&bankcode=001&branch=0001&custom_code=1234567&document_id=50284414727&document_type=CPF&fee=merchant&name=Test User Name¬ify_url=https://www.pagsmile.com&payout_currency=BRL&source_currency=BRLABCDE
sha256 hash
b15f900705867ecc3f66088054c14a80f9f12b1fb31c82320c4cbfe181876abb
Last updated
Was this helpful?