Signing Mechanism
Calculating API Signature for Paybright API Requests
All API requests and responses must be signed/verified using HMAC-SHA256 where:
- Key is the ApiToken
- Message is a string of all key-value pairs that start with x_ prefix, sorted alphabetically, and concatenated without separators.
Contact the Paybright team to get the API Token for signature calculation.
Checkout APIs
x_signature for Checkout APIs is calculated using the API Token provided by Paybright and a string of all the non-empty and non-null key-value pairs that start with the x_ prefix, concatenated without separators.
Refer to the following example highlighting the signature creation mechanism:
<?php
$body = array(
    'x_account_id' => 'Z9s7Yt0Txsqbbx',
    'x_amount' => '1250.00',
    'x_currency' => 'CAD',
    'x_customer_billing_address1' => '22 Viewcrest Cir',
    'x_customer_billing_city' => 'Etobicoke',
    'x_customer_billing_country' => 'CA',
    'x_customer_billing_phone' => '5197152482',
    'x_customer_billing_state' => 'ON',
    'x_customer_billing_zip' => 'N9W7G5',
    'x_customer_email' => '[email protected]',
    'x_customer_first_name' => 'Jamie',
    'x_customer_last_name' => 'Testhet',
    'x_customer_phone' => '5197152482',
    'x_customer_shipping_address1' => '22 Viewcrest Cir',
    'x_customer_shipping_city' => 'Etobicoke',
    'x_customer_shipping_country' => 'CA',
    'x_customer_shipping_first_name' => 'Jamie',
    'x_customer_shipping_last_name' => 'Testhet',
    'x_customer_shipping_phone' => '5197152482',
    'x_customer_shipping_state' => 'ON',
    'x_customer_shipping_zip' => 'N9W7G5',
    'x_reference' => '9111379',
    'x_shop_country' => 'CA',
    'x_plan_id' => '1',
    'x_shop_name' => 'Test Store',
    'x_test' => 'true',
    'x_url_callback' => 'https://mystore.io/ping/1',
    'x_url_cancel' => 'https://mystore.io/orders/1/cart',
    'x_url_complete' => 'https://mystore.io/orders/1/done'
);
// Sort the keys alphabetically, as the signing rule requires
// (x_plan_id is listed out of order above).
ksort($body);
$bodyString = http_build_query($body);
// signature creation for Auth API
$signatureString = '';
foreach (explode('&', $bodyString) as $chunk) {
    $param = explode("=", $chunk);
    if ($param && $param[1] !== '') { // excluding null and empty values
        // http_build_query URL-encodes keys and values; sign the decoded form
        $signatureString = $signatureString . urldecode($param[0]) . urldecode($param[1]);
    }
}
$pb_sig = hash_hmac('sha256', $signatureString, "9O49jqV5mW5wWvctuk3mjs9WW5A4VgW5wrtRSvaYSHfahaYOBX"); // api token used here for creating signature
$bodyString = $bodyString . '&x_signature=' . $pb_sig; // signature added to the API body
Order Management API
x_signature for all Order Management APIs (Capture, Refund, and Void) is calculated using the API Token provided by Paybright and a string of all the non-empty and non-null key-value pairs that start with the x_ prefix, concatenated without separators.
Refer to the following example highlighting the signature creation mechanism. You can replace the x_transaction_type value with capture, void, or refund in the sample below:
<?php
$signatureString2 = "x_account_id" . "Z9s7Yt0Txsqbbx" .
    "x_amount" . "1000.99" .
    "x_currency" . "CAD" .
    "x_gateway_reference" . "49846" .
    "x_reference" . "9561062867018" .
    "x_test" . "true" .
    "x_transaction_type" . "capture" .
    "x_url_callback" . "https://mystore.io/ping/1";
$pb_sig_2 = hash_hmac('sha256', $signatureString2, "9O49jqV5mW5wWvctuk3mjs9WW5A4VgW5wrtRSvaYSHfahaYOBX"); // api token used here for creating signature
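The receiving side of the same rule, as an added example that is not Paybright's own code: it rebuilds the message from the received fields (x_ keys only, empty values skipped, sorted by key) and checks x_signature with a constant-time comparison. The helper names, the placeholder token and the sample fields are constructed for illustration; leaving x_signature out of its own message follows from the samples above, which sign before the field is appended.

```php
<?php
// Added example: helper names, token and parameters are constructed, not Paybright's.
function pb_signature_message(array $params): string
{
    $signed = [];
    foreach ($params as $key => $value) {
        $key = (string) $key;
        // Only x_-prefixed fields are signed; x_signature is never part of its own message.
        if (strncmp($key, 'x_', 2) !== 0 || $key === 'x_signature') {
            continue;
        }
        if ($value === null || $value === '') { // null and empty values are skipped
            continue;
        }
        $signed[$key] = (string) $value;
    }
    ksort($signed, SORT_STRING); // alphabetical by key
    $message = '';
    foreach ($signed as $key => $value) {
        $message .= $key . $value; // concatenated without separators
    }
    return $message;
}

function pb_sign(array $params, string $apiToken): string
{
    return hash_hmac('sha256', pb_signature_message($params), $apiToken);
}

function pb_verify(array $params, string $apiToken): bool
{
    if (!isset($params['x_signature']) || !is_string($params['x_signature'])) {
        return false; // unsigned or malformed message: reject
    }
    // hash_equals compares in constant time, unlike == or strcmp.
    return hash_equals(pb_sign($params, $apiToken), $params['x_signature']);
}

$token = 'EXAMPLE_TOKEN_PLACEHOLDER'; // constructed; load the real token from secret storage
$received = [                         // constructed sample, deliberately unsorted
    'x_test' => 'true',
    'x_reference' => '1001',
    'x_amount' => '10.00',
    'x_message' => '',                // empty value: not signed
    'utm_source' => 'mail',           // no x_ prefix: not signed
    'x_account_id' => 'ACCOUNT_PLACEHOLDER',
];
$received['x_signature'] = pb_sign($received, $token);
var_dump(pb_verify($received, $token)); // message exactly as signed
$received['x_amount'] = '1.00';
var_dump(pb_verify($received, $token)); // amount altered after signing
```

Run the check on the decoded parameters before acting on any field of the message.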
Paybright Hosted Web Page to Create Signatures
You can also generate the API signatures from the following test page:
https://sandbox.paybright.com/CheckOut_Signature/Sign_main.aspx
Updated over 4 years ago