Computing the IPN signature
The signature is computed by following the same logic as for creating the payment request.
The data submitted by the payment gateway is encoded in UTF-8. Any alteration of received data will result in signature computation error.
You must compute the signature with the fields received in the notification and not the ones that you transmitted in the payment request.
- Take all the fields whose name starts with vads_.
- Sort these fields alphabetically.
- Concatenate the values of these fields separating them with the "+” character.
- Concatenate the result with the test orproduction key separating them with the "+” characte.
- According to the signature algorithm defined in your shop configuration:
- If your shop is configured to use “SHA-1”, apply the SHA-1 hash function to the chain obtained during the previous step. Deprecated.
- If your shop is configured to use “HMAC-SHA-256”, compute and encode in Base64 format the message signature using the HMAC-SHA-256 algorithm with the following parameters:
- the SHA-256 hash function,
- the test or production key (depending on the value of the field vads_ctx_mode) as a shared key,
- the result of the previous step as the message to authenticate.
Examples in PHP:
function getSignature ($params,$key) { /** *Function that computes the signature. * $params: table containing the fields received in the IPN. * $key : TEST or PRODUCTION key */ //Initialization of the variable that will contain the string to encrypt $signature_contents = ""; //Sorting fields alphabetically ksort($params); foreach($params as $name=>$value){ //Recovery of vads_ fields if(substr($name,0,5)=='vads_'){ //Concatenation with "+" $signature_contents .= $value."+"; } } //Adding the key at the end $signature_contents .= $key; //Encoding base64 encoded chain with HMAC-SHA-256 algorithm $sign = base64_encode(hash_hmac('sha256',$signature_contents, $key, true)); return$sign; }