When sending data to your website that the user has control of, we'll sign the data to prevent any tampering. Sample code for generating the signatures in Python and PHP are available below.

# Example script showing how to verify url parameters using the shared secret.
import base64
import hashlib
import hmac
import urllib
 
shared_secret = 'e30171d41baad4372c73f72335789915'
url_params = {
    "client_id": "..",
    "id": "..",
    "service_id": "..",
    "total": "..",
    "signature": "..",
}
 
# Create canonicalized string, which excludes the signature
canonicalized = urllib.urlencode(sorted((k, v) for (k, v) in url_params.items()
                                        if k != 'signature'))
 
# Get out the signature using the secret key
sig_hash = hmac.new(shared_secret, canonicalized, hashlib.sha256)
signature = base64.b64encode(sig_hash.digest())
 
# Success! (hopefully)
assert signature == url_params['signature']

<?php
$secret = 'e30171d41baad4372c73f72335789915';
 
$check = $_POST;
unset($check['signature']);
ksort($check);
$request = http_build_query($check);
$signature = base64_encode(hash_hmac('sha256', $request, $secret, true));
 
if ($signature === $_POST['signature']) {
  print "Transaction confirmed\n";
}else{
  print "Signature was not correct\n";
}