
Ensuring interaction integrity

The integrity of exchanged information is preserved by the exchange of alphanumeric signatures between the payment platform and the merchant website.

The payment gateway and the merchant website interact via HTML forms.

A form contains a list of specific fields (see chapter Generating a payment form) used to generate a string.

This string is then converted to a shorter string using a hash function (SHA-1, HMAC-SHA-256).

The merchant can choose the hash algorithm in their Expert Back Office (see chapter Choosing the hash algorithm).

The resulting string is referred to as the digest (empreinte in French) of the initial string.

The digest must be transmitted in the signature field (see chapter Computing the signature).

Modeling security mechanisms:

Figure 1. Diagram of a security mechanism
  1. The merchant website builds the form data and computes the signature.
  2. The merchant website submits the form to the gateway.
  3. The gateway receives the form data and computes the signature.
  4. The gateway compares the computed signature with the signature that was transmitted by the merchant website.
  5. If the signatures are different, the payment request is rejected. If not, the gateway proceeds to payment.
  6. The gateway builds the result data and computes the response signature.
  7. Depending on the shop configuration (see chapter Setting up notifications), the payment gateway transmits the payment result to the merchant website.
  8. The merchant website receives the data and computes the signature. It compares the computed signature with the signature that was transmitted by the payment gateway.
  9. If the signatures are different, the merchant analyses the source of the error (computation error, attempted fraud, etc.). If not, the merchant proceeds to update their database (stock status, order status, etc.).
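A sketch of steps 1 and 8-9 from the merchant's side, added here as an illustration and not taken from the gateway's documentation or SDK. The string layout (values of `vads_`-prefixed fields sorted by name, joined with `+`, key appended; Base64 output for HMAC-SHA-256, hex for SHA-1) is an assumption to check against the chapter Computing the signature; the key and field values are constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample key: a placeholder, not a real credential.
SHOP_KEY = "constructed-test-key"


def build_string(fields: dict, key: str) -> str:
    """Assumed layout: vads_* values sorted by field name, joined with '+', key last."""
    names = sorted(n for n in fields if n.startswith("vads_"))
    return "+".join([str(fields[n]) for n in names] + [key])


def compute_signature(fields: dict, key: str, algo: str = "HMAC-SHA-256") -> str:
    """Digest of the built string, using the algorithm selected for the shop."""
    data = build_string(fields, key).encode("utf-8")
    if algo == "HMAC-SHA-256":
        mac = hmac.new(key.encode("utf-8"), data, hashlib.sha256).digest()
        return base64.b64encode(mac).decode("ascii")
    if algo == "SHA-1":
        return hashlib.sha1(data).hexdigest()
    raise ValueError(f"unsupported algorithm: {algo}")


def verify(received: dict, key: str, algo: str = "HMAC-SHA-256") -> bool:
    """Steps 8-9: recompute over the received data, compare with the transmitted value."""
    transmitted = received.get("signature")
    if not isinstance(transmitted, str) or not transmitted:
        return False  # a missing signature is a failed check, never a skipped one
    expected = compute_signature(received, key, algo)
    # compare_digest does not reveal how many leading characters matched
    return hmac.compare_digest(expected.encode("utf-8"), transmitted.encode("utf-8"))


# Step 1 (merchant side): build the form data and attach the signature.
form = {"vads_amount": "3000", "vads_currency": "978", "vads_trans_id": "000123"}
form["signature"] = compute_signature(form, SHOP_KEY)

# A change to any signed field after signing makes the recomputed digest differ.
tampered = dict(form, vads_amount="30")
```

Only update order or stock status after `verify` returns true, and log the failing cases so computation errors can be told apart from tampering.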
