Signature

Signature is a string in hexadecimal format, formed by one-way encoding. This string cannot be decoded or generated independently without knowing all the necessary components. The signature is based on the potential importance of each request parameter.

The SHA-1 hash algorithm is used to generate the signature.

Secure Hash Algorithm 1 – cryptographic hashing algorithm. For an input message of arbitrary length (maximum 2^64 bits, which is approximately 2 exabytes), the algorithm generates a 160-bit hash value, also called a message digest. Used in many cryptographic applications and protocols.

Signature generation algorithm

  1. A signature line is generated:

    • all query parameters are sorted alphabetically by parameter names;

    • sorted non-empty parameters are sequentially concatenated into one string (concatenation) using a separator character between them;

    • The “salt” of the site (salt) is added to the end of the created line through a separator character.

  2. The SHA-1 hash is taken from the received string.

Example code for generating signature

import hashlib

salt = 'test_salt'
input_params = {
    'site_id': '1',
    'site_login': 'test_login',
    "merchant_id": "merch_id",
    'customer_ip': '1.2.3.4',
    'currency': 'USD',
    'additional_fields': {
        "bank_name": "Citibank",
        "card_holder": "John Wick",
        "card_number": "0000000000000"
    }

}
params = {}
for k, v in input_params.items():
    if isinstance(v, list):
        new_v = ';'.join(sorted(map(str, v)))
        params[str(k)] = str(new_v)
    elif isinstance(v, dict):
        sorted_dict = sorted(v)
        new_v = ';'.join(f'{key}:{v[key]}' for key in sorted_dict)
        params[str(k)] = str(new_v)
    else:
        params[str(k)] = str(v)

sign_str =  ';'.join(['%s:%s' % (k.lower(), params[k])  # noqa UP031
                 for k in sorted(params.keys()) if params[k].strip() != '']
                ) + ';'

signature =  hashlib.sha1(sign_str.encode('utf-8') + salt.encode('utf-8')).hexdigest()

Rules for forming a signature

  • The encoding of the signed string is UTF-8;

  • Query parameter names are presented in lowercase. The string may include Latin letters from a to z, numbers from 0 to 9, and the underscore “_”;

  • The semicolon “;” is used as a separator character between parameters.

  • Each parameter is appended as a substring ”param_name:param_value”, where param name is the name of the parameter, param_value is the value of the parameter, colon is the internal separator;

  • If the parameter value is an array, then its elements are also sorted in ascending order of their keys and sequentially connected by a delimiter character. In this case, array elements (nested arrays) are skipped and the delimiter character is not added;

  • To avoid double signing, the “signature” parameter is always excluded from the signature.

PreviousGet Failed Invoices

Last updated