Generating Fasterpay API Hash

FasterPay Checkout Page API requires a Signature hash to be calculated and sent along with the other request parameters for merchant verification and protection against forged requests. A signature hash is a querystring of all the parameters that are to be sent to the Hosted Checkout API along with the Merchant’s Private Key. The result is then hashed with a SHA256 Hashing algorithm for security purposes.


Hash calculation for Widget

Calculation algorithm for hash:

hash=HMAC_SHA256("PARAM_NAME_1=PARAM_VALUE_1;PARAM_NAME_2=PARAM_VALUE_2", YOUR_PRIVATE_KEY)

Sample hash base string

(amount=10;api_key=YOUR_API_KEY;currency=USD;description=testing_product;merchant_order_id=Unique ID;success_url=YOUR_HOSTED_URL)

The parameters should be sorted alphabetically by the parameter name prior to hash calculation.

<?phpfunction ksortParameters(&$parameters, $version = "v1") {
    if ($version == "v2") {
        ksort($parameters);
        foreach($parameters as $k => $v) {
            if (!is_array($v)) {
                continue;
            }
            ksortParameters($parameters[$k], $version);
        }
        return;
    }
    ksort($parameters);
}
function getEncodedString($parameters, $version = "v1") {
    if ($version == "v2") {
        $encodeString = '';
        foreach ($parameters as $k => $v) {
            if (is_array($v)) {
                $encodeString .= getEncodedString($v, $version);
                continue;
            }
            $encodeString .= "$k=$v;";
        }
        return $encodeString;
    }
    return http_build_query($parameters);
}
function calculateWidgetSignature($parameters) {
    $version = null;
    if (!empty($parameters['sign_version']) && ($parameters['sign_version'] == "v2")) {
        $version = "v2";
    }
    ksortParameters($parameters, $version);
    $baseString = getEncodedString($parameters, $version);
    if ($version == "v2") {
        return hash_hmac('sha256', $baseString, $privateKey);
    }
    return hash('sha256', $baseString . $privateKey);
}

$hash = calculateWidgetSignature($params);

Hash Calculation for Pingback

Calculation algorithm for hash:

hash=HMAC_SHA256($pingbackData, $privateKey)

Sample hash base string

{"amount":10,"api_key":"Your API Key","currency":"USD","description":"testing_product","merchant_order_id":"Unique ID","success_url":"Merchant Hosted URL"}

The parameters should be sorted alphabetically by the parameter name prior to hash calculation.

<?phpfunction calculatePingbackSignature($pingbackData = null, $version = "v1") {
    if ($version == self::SIGN_VERSION_2) {
        return hash_hmac('sha256' , $pingbackData, $privateKey);
    }
    return null;
}
$pingbackHash = calculatePingbackSignature($pingbackData, "v2");

Hash Calculation v1 [Deprecated]

Calculation algorithm for hash:

hash = SHA256("PARAM_NAME_1=PARAM_VALUE_1&PARAM_NAME_2=PARAM_VALUE_2Private_Key")

Sample hash base string

(amount=10&api_key=Your API Key&currency=USD&description=testing_product&merchant_order_id=Unique ID&success_url=Merchant Hosted URLYour Project Private key)

The parameters should be sorted alphabetically by the parameter name prior to hash calculation.

<?php$params = ksort($parameters);
$hash   = hash('sha256', http_build_query($parameters) . $private_key);