Signature

To extend the security, all the API methods requires the generation of a signature with the arguments of your query.

This signature is also sent with the API responses and you can check the integrity.

The signature is composed of all your query fields, sorted in alphabetical order, concatenated together with the separator "$".

At this string you have to add your API key.

The final string made must be hashed through the SHA-1 algorithm to provide the safety signature.


Here is a sample of signature generation :


For example, if you want make a direct payment, here’s your array parameters :

						// Pseudo code
						[
							"Amount": 1234,
							"Uid": "Abc123",
							"Email": "john@doe.com",
							"CardNumber": "1234567897654321",
							"CardMonth": "09",
							"CardYear": "2016",
							"CardCVV": "123",
							"ClientIp": "89.184.22.134"
						]
					

You must sort the argument names by alphabetical order :

						// Pseudo code
						[
							"Amount": 1234,
							"CardCVV": "123",
							"CardMonth": "09",
							"CardNumber": "1234567897654321",
							"CardYear": "2016",
							"ClientIp": "89.184.22.134"
							"Email": "john@doe.com",
							"Uid": "Abc123",
						]
					

You create a new string composed of the values of the arguments sorted, separated by $ :

						1234$123$09$1234567897654321$2016$89.184.22.134$john@doe.com$Abc123
					

You finish the chain by adding the character $ followed by your API key :

						1234$123$09$1234567897654321$2016$89.184.22.134$john@doe.com$Abc123$mettezicivotreclédapi
					

Finally, apply the SHA-1 algorithm on the entire chain to obtain a signature like it :

						56041a82332797199817f4dcbcb9506c64bd0dc5
					

You can now provide the key in your query and call the service :

						// Pseudo code
						[
							"Amount": 1234,
							"CardCVV": "123",
							"CardMonth": "09",
							"CardNumber": "1234567897654321",
							"CardYear": "2016",
							"ClientIp": "89.184.22.134"
							"Email": "john@doe.com",
							"Uid": "Abc123",
							"Signature": "56041a82332797199817f4dcbcb9506c64bd0dc5"
						]
					

You can use the following PHP functions. You need to call getSignature() to which you pass the parameters to be sent to the API as well as your secret API key :

						<?php
						function getSignature($params, $apiKey)
						{
							if (isset($params['Signature']))
								unset($params['Signature']);
	
							$chain = is_array($params) ? implode('$', formatSignature($params)) : $params;
							return sha1($chain.'$'.$apiKey);
						}
	
						function formatSignature($params)
						{
							ksort($params);
							foreach ($params as $key => $value)
							{
								if (is_array($value))
								{
									ksort($value);
									$params[$key] = implode('$', formatSignature($value));
								}
							}
	
							return $params;
						}
						?>