Calculating signature
The signature used in FlexPay requests and postbacks is calculated as SHA-1 hash (hexadecimal output) from the request parameters.
The first parameter has to be your signatureKey, followed by the parameters ordered alphabetically by their names.
Optional arguments that are used (have value) must be contained in the signature calculation. Optional arguments that are not used must not be contained in the signature calculation.
The email and oneClickToken parameters in "startorder" request are NOT included in the signature calculations.
It is mandatory to convert arguments values into UTF-8 before computing the signature.
e.g.
signature = sha1_hex( signatureKey + ":description=" + description + ":period=" + period + ":priceAmount=" + priceAmount + ":priceCurrency=" + priceCurrency + ":referenceID=" + referenceID + ":shopID=" + shopID + ":subscriptionType=" + subscriptionType + ":type=" + type + ":version=" + version )
Example calculation:
| Parameter | Value | |
|---|---|---|
| (signatureKey) | BddJxtUBkDgFB9kj7Zwguxde4gAqha | |
| description | Super video download | |
| priceAmount | 9.99 | |
| priceCurrency | USD | |
| custom1 | xxyyzz | |
| shopID | 64233 | |
| type | purchase | |
| version | 3.2 |
Signature calculation using the values above:
signature = sha1_hex(BddJxtUBkDgFB9kj7Zwguxde4gAqha:custom1=xxyyzz:description=Super video download:priceAmount=9.99:priceCurrency=USD:shopID=64233:type=purchase:version=3.2) => 3f27723dc11c49dbd01706410f44e6eeff9e8ebf
The FlexPay purchase request then is:https://secure.verotel.com/startorder?custom1=xxyyzz&description=Super+video+download&priceAmount=9.99&priceCurrency=USD&shopID=64233&type=purchase&version=3.2&signature=3f27723dc11c49dbd01706410f44e6eeff9e8ebf