Table of Contents

Signatures

When sending data to your website that the user has control of, we'll sign the data to prevent any tampering. Sample code for generating the signatures in Python and PHP are available below.

Example code written in Python

# Example script showing how to verify url parameters using the shared secret.
import base64
import hashlib
import hmac
import urllib
 
shared_secret = 'e30171d41baad4372c73f72335789915'
url_params = {
    "client_id": "..",
    "id": "..",
    "service_id": "..",
    "total": "..",
    "signature": "..",
}
 
# Create canonicalized string, which excludes the signature
canonicalized = urllib.urlencode(sorted((k, v) for (k, v) in url_params.items()
                                        if k != 'signature'))
 
# Get out the signature using the secret key
sig_hash = hmac.new(shared_secret, canonicalized, hashlib.sha256)
signature = base64.b64encode(sig_hash.digest())
 
# Success! (hopefully)
assert signature == url_params['signature']

Example code written in PHP

<?php
$secret = 'e30171d41baad4372c73f72335789915';
 
$check = $_POST;
unset($check['signature']);
ksort($check);
$request = http_build_query($check);
$signature = base64_encode(hash_hmac('sha256', $request, $secret, true));
 
if ($signature === $_POST['signature']) {
  print "Transaction confirmed\n";
}else{
  print "Signature was not correct\n";
}