Authentication Overview
Key Type | Purpose | Usage Location | Security Level |
---|---|---|---|
Client ID | Username for API authentication | Server-side API requests | Sensitive - Server only |
Client Secret | Password for API authentication | Server-side API requests | Highly Sensitive - Server only |
Merchant Key | Loading payment modal popup | Client-side JavaScript | Public - Can be exposed |
client-id
and client-secret
with a colon separatortxn_reference_here
is your transaction reference.
HMAC
(Hash-based Message Authentication Code) property.
The purpose of this property is to ensure the integrity and authenticity of the data transmitted. The HMAC
property is generated as a Hexadecimal HMAC256
hash,
computed based on a combination of parameters, including MerchantRef
, CurrencyCode
, and Amount
, using the MerchantSecret
as the secret key.
HMAC
property to confirm the data’s integrity and origin. The following section provides a sample function that
can be used to obtain the HMAC value for verification.
Sample Function: HexHMACHash256
TheHexHMACHash256
function is used to calculate the HMAC256
hash for a given input value using the provided MerchantSecret
key.
It is crucial to construct the input value as the concatenation of MerchantRef
, CurrencyCode
, and Amount
.
MerchantRef
, CurrencyCode
, Amount
MerchantRef + CurrencyCode + Amount
value
should be constructed as the concatenation ofMerchantRef
, CurrencyCode
, and Amount
, while maggi
represents the MerchantSecret key.
By calling this function and comparing the result with the HMAC property received from SwwipePay, you can ensure the authenticity and integrity of the data before proceeding with transaction processing.