Signing Mechanism

Calculating API Signature for Paybright API Requests

All API requests and responses must be signed/verified using HMAC-SHA256 where:

  • Key is the ApiToken
  • Message is a string of all key-value pairs that start with the x_ prefix, sorted alphabetically, and concatenated without separators.

Contact the Paybright team to get the API Token for signature calculation.

Checkout APIs

x_signature for Checkout APIs is calculated using the API Token provided by Paybright and a string of all the non-empty and non-null key-value pairs that start with the x_ prefix, concatenated without separators.

Refer to the following example highlighting the Signature Creation Mechanism:

<?php
$body = array(
    'x_account_id' => 'Z9s7Yt0Txsqbbx',
    'x_amount' => '1250.00',
    'x_currency' => 'CAD',
    'x_customer_billing_address1' => '22 Viewcrest Cir',
    'x_customer_billing_city' => 'Etobicoke',
    'x_customer_billing_country' => 'CA',
    'x_customer_billing_phone' => '5197152482',
    'x_customer_billing_state' => 'ON',
    'x_customer_billing_zip' => 'N9W7G5',
    'x_customer_email' => '[email protected]',
    'x_customer_first_name' => 'Jamie',
    'x_customer_last_name' => 'Testhet',
    'x_customer_phone' => '5197152482',
    'x_customer_shipping_address1' => '22 Viewcrest Cir',
    'x_customer_shipping_city' => 'Etobicoke',
    'x_customer_shipping_country' => 'CA',
    'x_customer_shipping_first_name' => 'Jamie',
    'x_customer_shipping_last_name' => 'Testhet',
    'x_customer_shipping_phone' => '5197152482',
    'x_customer_shipping_state' => 'ON',
    'x_customer_shipping_zip' => 'N9W7G5',
    'x_reference' => '9111379',
    'x_shop_country' => 'CA',
    'x_plan_id' => '1',
    'x_shop_name' => 'Test Store',
    'x_test' => 'true',
    'x_url_callback' => 'https://mystore.io/ping/1',
    'x_url_cancel' => 'https://mystore.io/orders/1/cart',
    'x_url_complete' => 'https://mystore.io/orders/1/done'
);

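// Sort by key: the signature message lists the x_ pairs alphabetically,
// and the array above has x_plan_id out of order.
ksort($body);

$bodyString = http_build_query($body);

// signature creation for Auth API
$signatureString = '';

foreach (explode('&', $bodyString) as $chunk) {
    $param = explode("=", $chunk, 2);
    if (isset($param[1]) && $param[1] !== '') { // excluding null and empty values
        // append the decoded key and value with no separator between them
        $signatureString = $signatureString . urldecode($param[0]) . urldecode($param[1]);
    }
}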

$pb_sig = hash_hmac('sha256', $signatureString, "9O49jqV5mW5wWvctuk3mjs9WW5A4VgW5wrtRSvaYSHfahaYOBX"); // api token used here for creating signature

$bodyString = $bodyString . '&x_signature=' . $pb_sig; // signature added to the API body

Order Management API

x_signature for all Order Management APIs (Capture, Refund, and Void) is calculated using the API Token provided by Paybright and a string of all the non-empty and non-null key-value pairs that start with the x_ prefix, concatenated without separators.

Refer to the following example highlighting the Signature Creation Mechanism. You can replace x_transaction_type with capture, void, or refund in the sample below:

<?php
$signatureString2 = "x_account_id" . "Z9s7Yt0Txsqbbx" . "x_amount" . "1000.99"
    . "x_currency" . "CAD" . "x_gateway_reference" . "49846" . "x_reference" . "9561062867018" .
    "x_test" . "true" .
    "x_transaction_type" . "capture" .
    "x_url_callback" . "https://mystore.io/ping/1";
$pb_sig_2 = hash_hmac('sha256', $signatureString2, "9O49jqV5mW5wWvctuk3mjs9WW5A4VgW5wrtRSvaYSHfahaYOBX"); // api token used here for creating signature
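
The page requires responses to be verified as well as requests signed, but shows only signing. The following is an added example, not Paybright's code: it builds the message as described above and checks a received x_signature in constant time. The function names, token and sample data are constructed, and it assumes x_signature itself is left out of the message, as in the signing example.

```php
<?php
// Added example, not Paybright's code. Function names, token and sample data are constructed.

// Build the message: x_-prefixed, non-empty pairs, sorted by key, no separators.
function pb_signature_message(array $params): string
{
    $message = '';
    ksort($params, SORT_STRING);
    foreach ($params as $key => $value) {
        $key = (string) $key;
        // Assumption: x_signature is not part of the message it signs.
        if (strncmp($key, 'x_', 2) !== 0 || $key === 'x_signature') {
            continue;
        }
        if (!is_scalar($value) || (string) $value === '') {
            continue; // skips null, empty strings and nested arrays
        }
        $message .= $key . $value;
    }
    return $message;
}

function pb_sign(array $params, string $apiToken): string
{
    return hash_hmac('sha256', pb_signature_message($params), $apiToken);
}

// Verify a received parameter set, e.g. a callback body parsed into an array.
function pb_verify(array $params, string $apiToken): bool
{
    $received = $params['x_signature'] ?? null;
    if (!is_string($received) || $received === '') {
        return false; // a message without a signature is rejected
    }
    // hash_equals compares in constant time; == or strcmp can leak timing.
    // Assumption: hex case is not significant, so the received value is lowercased.
    return hash_equals(pb_sign($params, $apiToken), strtolower($received));
}

$token = 'constructed-sample-token'; // load the real token from secret storage
$callback = [
    'x_reference' => '9111379',
    'x_amount' => '1250.00',
    'x_account_id' => 'Z9s7Yt0Txsqbbx',
    'x_customer_phone' => '',   // empty: excluded from the message
    'utm_source' => 'ignored',  // no x_ prefix: excluded
];
$callback['x_signature'] = pb_sign($callback, $token);
var_dump(pb_verify($callback, $token)); // unmodified message
$callback['x_amount'] = '1.00';         // field changed after signing
var_dump(pb_verify($callback, $token));
```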

Paybright Hosted Web Page to Create Signatures

You can also generate the API signatures from the following test page:
https://sandbox.paybright.com/CheckOut_Signature/Sign_main.aspx