{"id":289,"date":"2021-07-22T09:49:06","date_gmt":"2021-07-22T09:49:06","guid":{"rendered":"https:\/\/payb.co.uk\/integration-guide\/?p=289"},"modified":"2021-07-22T09:49:06","modified_gmt":"2021-07-22T09:49:06","slug":"simple-hashing-example-2","status":"publish","type":"post","link":"https:\/\/payb.co.uk\/integration-guide\/transparent-redirect\/important-notes\/simple-hashing-example-2\/","title":{"rendered":"Simple Hashing Example"},"content":{"rendered":"

Here is an example of some transaction variables:<\/p>\n

MerchantID<\/strong>: YourCo-1234567<\/p>\n

Amount<\/strong>: 100.00<\/p>\n

CurrencyCode<\/strong>: 826<\/p>\n

OrderID<\/strong>: 12345<\/p>\n

These variables would be concatenated (in a specific order) and combined with data known only to your system and ours (the account password and PreSharedKey) which is NOT transmitted with the transaction request. This produces the following string:<\/p>\n

MerchantID=YourCo- 1234567&Password=MyPassword&PreSharedKey=ASecretKey&Amount=10000&CurrencyCode=826<\/p>\n

&OrderID=12345<\/p>\n

A simple hash method would output the following hash digest (or “Signature”), when this string is passed into a hashing (in this case SHA1) function (which is also transmitted with the transaction variables):<\/p>\n

5c6b9c913b2301e9aa6ff488b06e09273cded2a5<\/p>\n

If the amount was altered from £100.00 to £1.00:<\/p>\n

MerchantID<\/strong>: YourCo-1234567<\/p>\n

Amount<\/strong>: 1.00<\/p>\n

CurrencyCode<\/strong>: 826<\/p>\n

OrderID<\/strong>: 12345<\/p>\n

When these variables are received by our system, they would be used to produce the following string:<\/p>\n

MerchantID=YourCo- 1234567&Password=MyPassword&PreSharedKey=ASecretKey&Amount=100&CurrencyCode=826& OrderID=12345<\/p>\n

Which when passed into the same hashing function would produce the following hash digest (or “Signature”):<\/p>\n

4ba1164acbec732c18cd6e5f632adcdd4b440237<\/p>\n

This demonstrates that changing any of these variables, even just a single character, results in a very different resulting hash digest, and makes the process of detecting variable tampering very easy.<\/p>\n","protected":false},"excerpt":{"rendered":"

Here is an example of some transaction variables: MerchantID: YourCo-1234567 Amount: 100.00 CurrencyCode: 826 OrderID: 12345 These variables would be concatenated (in a specific order) and combined with data known only to your system and ours (the account password and PreSharedKey) which is NOT transmitted with the transaction request. This produces the following string: MerchantID=YourCo-…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[],"_links":{"self":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/289"}],"collection":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/comments?post=289"}],"version-history":[{"count":1,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/289\/revisions"}],"predecessor-version":[{"id":292,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/posts\/289\/revisions\/292"}],"wp:attachment":[{"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/media?parent=289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/categories?post=289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/payb.co.uk\/integration-guide\/wp-json\/wp\/v2\/tags?post=289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}