Authentication Overview
client-id
and client-secret
client-id
and client-secret
.Signature validation is a crucial step in processing events or responses received from Swwipe.
These entities carry a payload that includes an HMAC
(Hash-based Message Authentication Code) property.
The purpose of this property is to ensure the integrity and authenticity of the data transmitted. The HMAC
property is generated as a Hexadecimal HMAC256
hash,
computed based on a combination of parameters, including MerchantRef
, CurrencyCode
, and Amount
, using the MerchantSecret
as the secret key.
Before proceeding with the processing of any transaction, it is imperative to validate the HMAC
property to confirm the data’s integrity and origin. The following section provides a sample function that
can be used to obtain the HMAC value for verification.
Sample Function: HexHMACHash256
TheHexHMACHash256
function is used to calculate the HMAC256
hash for a given input value using the provided MerchantSecret
key.
It is crucial to construct the input value as the concatenation of MerchantRef
, CurrencyCode
, and Amount
.
In the provided function, value
should be constructed as the concatenation ofMerchantRef
, CurrencyCode
, and Amount
, while maggi
represents the MerchantSecret key.
By calling this function and comparing the result with the HMAC property received from SwwipePay, you can ensure the authenticity and integrity of the data before proceeding with transaction processing.