Skip to main content

Simple webservices to check the potential fraud for a payment and obtain a score.

Signature

To extend the security, all the API methods requires the generation of a signature with the arguments of your query.

This signature is also sent with the API responses and you can check the integrity.

The signature is composed of all your query fields, sorted in alphabetical order, concatenated together with the separator "$".

At this string you have to add your API key.

The final string made must be hashed through the SHA-1 algorithm to provide the safety signature.

Here is a sample of signature generation :

For example, if you want to check a payment, here’s your array parameters :


[
    "Amount": 1234,
    "Currency": "EUR",
    "Hash": "4420d1918bbcf7686defdf9560bb5087d20076dc5f77b7cb4c3b40bf46ec428b",
    "MID": "Def456",
    "TID": "Abc123",
    "BIN": "41111111",
    "ClientIp": "89.184.22.134"
]

You must sort the argument names by alphabetical order :


[
    "Amount": 1234,
    "BIN": "41111111",
    "ClientIp": "89.184.22.134",
    "Currency": "EUR",
    "Hash": "4420d1918bbcf7686defdf9560bb5087d20076dc5f77b7cb4c3b40bf46ec428b",
    "MID": "Def456",
    "TID": "Abc123"
]

You create a new string composed of the values of the arguments sorted, separated by $ :

1234$41111111$89.184.22.134$EUR$4420d1918bbcf7686defdf9560bb5087d20076dc5f77b7cb4c3b40bf46ec428b$Def456$Abc123

You finish the chain by adding the character $ followed by your API key :

1234$41111111$89.184.22.134$EUR$4420d1918bbcf7686defdf9560bb5087d20076dc5f77b7cb4c3b40bf46ec428b$Def456$Abc123$YOURAPIKEY

Finally, apply the SHA-1 algorithm on the entire chain to obtain a signature like it :

5d9243a14da3606e0778ffdb0c5accc048a1d5e0

You can now provide the key in your query and call the service :


[
    "Amount": 1234,
    "Currency": "EUR",
    "Hash": "4420d1918bbcf7686defdf9560bb5087d20076dc5f77b7cb4c3b40bf46ec428b",
    "MID": "Def456",
    "TID": "Abc123",
    "BIN": "411111",
    "ClientIp": "89.184.22.134"
    "Signature": "5d9243a14da3606e0778ffdb0c5accc048a1d5e0"
]

Here is an example of signature generation in PHP. You need to call getSignature() to which you pass the parameters to be sent to the API as well as your secret API key :


<?php
  function getSignature($params, $apiKey)
  \{
      if (isset($params['Signature']))
          unset($params['Signature']);
  
      $chain = is_array($params) ? implode('$', formatSignature($params)) : $params;
      return sha1($chain.'$'.$apiKey);
  \}
  
  function formatSignature($params)
  \{
      ksort($params);
      foreach ($params as $key => $value)
      \{
          if (is_array($value))
          \{
              ksort($value);
              $params[$key] = implode('$', formatSignature($value));
          \}
      \}
  
      return $params;
  \}
?>