The below are steps of digital signature services generation :
| No | Steps |
|---|---|
| 1 | Compose the string to sign: stringToSign = HTTPMethod +”:“+ EndpointUrl +":"+ AccessToken+":“+ Lowercase(HexEncode(SHA256(minify (RequestBody))))+ ":“ +TimeStamp |
| 2 | Create Signature with HMAC_SHA512 HMAC_SHA512 (clientSecret, stringToSign) |
| 3 | The signature string is generated from string to sign above with applying HMAC_SHA512 hashing using client secret key which given by Qoinhub and then encode the result to base64. |
| 4 | Put the signature string into HTTP Header “X-SIGNATURE“ from when call Transactional API. *X-SIGNATURE = HMAC_SHA512 (clientSecret, stringToSign) |
Example:
- stringToSign : POST:/ordersnap/api/v1.0/qr/qr-mpm-generate:gSNfcFyM6YA97pnw4SvUhQ7cUJWc1Ab/I4WdeQx53UjiYMbWgPONMUXEDrHT4nfTRpehJ9C1mBhH1oivlF+TCx8xj9k2OlJy6AtCR00DR2kW+PvTE5zzx6zHkXR1BHSF61/0YY5aQDMQP2a09wKFWPUFf4RnGckwtP8rehVqw8A=:12f54e59ed57e9ee27a3811351b0e200dd43d96e27b920e7ae9ce384e5fe2d5f:2024-05-17T14:12:50+07:00
- HMAC_SHA512 (clientSecret, stringToSign)
- Result : GG7DfL893jQoRhuJ15FGBv6vxXNAkLYGwqKCOgcFh/a9ntHvvAm4QM7bWSSlyvqLoBI5kclqwoAoc57aKbKCwQ==