Computing the signature

To be able to compute the signature, you must have:
  • all the fields that start with vads_
  • the signature algorithm chosen in the shop configuration
  • the key

The value of the key is available in your Merchant Back Office via Settings > Shop > Keys tab.

The signature algorithm is defined in your Merchant Back Office via Settings > Shop > Configuration tab.

To compute the signature:

  1. Sort the fields that start with vads_ alphabetically.
  2. Make sure that all the fields are encoded in UTF-8.
  3. Concatenate the values of these fields separating them with the "+" character.
  4. Concatenate the result with the production key separating them with a "+".
  5. Compute and encode in Base64 format the signature using the HMAC-SHA-256 algorithm with the following parameters:
    • the SHA-256 hash function,
    • the test or production key (depending on the value of the vads_ctx_mode field) as a shared key,
    • the result of the previous step as the message to authenticate.
  6. Save the result of the previous step in the signature field.
Example of parameters sent to the payment gateway:
<form method="POST" action="https://payzenindia-q08.lyra-labs.fr/vads-payment/">
	<input type="hidden" name="vads_action_mode" value="INTERACTIVE" />
	<input type="hidden" name="vads_amount" value="5124" />
	<input type="hidden" name="vads_ctx_mode" value="PRODUCTION" />
	<input type="hidden" name="vads_currency" value="356" />
	<input type="hidden" name="vads_cust_address" value="flat605,Highland street"/>
	<input type="hidden" name="vads_cust_cell_phone" value="9892452635" />
	<input type="hidden" name="vads_cust_city" value="Mumbai" />
	<input type="hidden" name="vads_cust_country" value="India" />
	<input type="hidden" name="vads_cust_email" value="abc@aol.com" />
	<input type="hidden" name="vads_cust_first_name" value="Amit" />
	<input type="hidden" name="vads_cust_last_name" value="Mehta" />
	<input type="hidden" name="vads_cust_state" value="Maharashtra" />
	<input type="hidden" name="vads_cust_zip" value="400601" />						
	<input type="hidden" name="vads_page_action" value="PAYMENT" />
	<input type="hidden" name="vads_payment_config" value="SINGLE" />
	<input type="hidden" name="vads_redirect_error_message" value="Error Message" />
	<input type="hidden" name="vads_redirect_error_timeout" value="0" />
	<input type="hidden" name="vads_redirect_success_message" value="Success Message" />
	<input type="hidden" name="vads_redirect_success_timeout" value="0" />
	<input type="hidden" name="vads_return_mode" value="POST" />
	<input type="hidden" name="vads_site_id" value="12345678" />
	<input type="hidden" name="vads_trans_date" value="20170129130025" />
	<input type="hidden" name="vads_trans_id" value="1234kL" />
	<input type="hidden" name="vads_url_return" value="www.abc.com" />
	<input type="hidden" name="vads_version" value="V2" />
	<input type="hidden" name="signature" value="aeab3116f867d05680635ca6926b7a8d89a0ce34" />					
	<input type="submit" name="pay" value="Pay"/>
	</form>

This sample form is analyzed as follows:

  1. The fields which names start with vads_ are sorted alphabetically:
    • vads_action_mode
    • vads_amount
    • vads_ctx_mode
    • vads_currency
    • vads_cust_address
    • vads_cust_cell_phone
    • vads_cust_city
    • vads_cust_country
    • vads_cust_email
    • vads_cust_first_name
    • vads_cust_last_name
    • vads_cust_state
    • vads_cust_zip
    • vads_page_action
    • vads_payment_config
    • vads_redirect_error_message
    • vads_redirect_error_timeout
    • vads_redirect_success_message
    • vads_redirect_success_timeout
    • vads_return_mode
    • vads_site_id
    • vads_trans_date
    • vads_trans_id
    • vads_url_return
    • vads_version
  2. The values of these fields are concatenated using the "+" character:
    INTERACTIVE+5124+PRODUCTION+356+flat605,Highland street+9892452635+Mumbai+India+abc@aol.com+Amit+Mehta+Maharashtra+400601+PAYMENT+SINGLE+Declined+0+Success+0+POST+12345678+20170129130025+1234kL+www.abc.com+V2
  3. The value of the key is added at the end of the chain and separated with the "+" character. In this example, the key is 1122334455667788
    INTERACTIVE+5124+PRODUCTION+356+flat605,Highland street+9892452635+Mumbai+India+abc@aol.com+Amit+Mehta+Maharashtra+400601+PAYMENT+SINGLE+Declined+0+Success+0+POST+12345678+20170129130025+1234kL+www.abc.com+V2+1122334455667788
  4. Compute and encode in Base64 format the message signature using the HMAC-SHA-256 algorithm with the following parameters:
    • the SHA-256 hash function,
    • the test or production key (depending on the value of the vads_ctx_mode field) as a shared key,
    • the result of the previous step as the message to authenticate.

    The result that must be transmitted in the signature field is:

    5EQp0n6SXOOGaSPTQGd9Vkaw/SVz28eSFu76MHgQTmM=