vcode (in payment request)

**vcode** ensures the integrity of the data passed from the merchant end (either website or mobile app) to the payment page, to guard against man-in-the-middle (MITM) attacks. It uses the “Verify Key” (like a public key) in combination with the data string for hashing purposes.

It becomes mandatory for each transaction if “Enable Verify Payment” is activated in the merchant profile as shown:


vcode is generated using the MD5 hash function and consists of the following information (which must be concatenated in the following order):

  1. Transaction amount
  2. Merchant ID
  3. Order ID
  4. Verify Key

The following extra parameters are **COMPULSORY** for merchants accepting multi-currency channels. To have these values included in the hash, enable the option “Use extended format for Verify Payment” in the Merchant Portal (Transactions -> Settings). This is essential for digital product or instant delivery services:

  1. Currency

Formula to generate vcode

vcode = md5( {amount}{merchantID}{orderID}{verify_key} )

Formula with extended vcode enabled

vcode = md5( {amount}{merchantID}{orderID}{verify_key}{currency} )

Example to generate vcode for PHP developer

<?php

$amount     = "27.60";
$currency   = "MYR";
$merchantID = "ACME";
$orderid    = "OD8842";
$verifykey  = "f5bb0c8de146c67b44babbf4e6584cc0";
// Replace f5bb0c8de146c67b44babbf4e6584cc0 with your Verify Key

// vcode formula
//$vcode    = md5( $amount.$merchantID.$orderid.$verifykey ); // extended vcode off
$vcode      = md5( $amount.$merchantID.$orderid.$verifykey.$currency ); // extended vcode on

// Output of the vcode based on the above information:
// $vcode   = "5bf33e6500a53830d4f80087b67e13de";

?>
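
An added example (not from the original page or Fiuu's own code) that wraps the formula above in a helper and shows the check failing once the amount is changed after the vcode was computed. The function names, array keys and placeholder key are assumptions, and the two-decimal amount rule is inferred from the page's sample value "27.60".

```php
<?php
declare(strict_types=1);

// Added example: function names and array keys are hypothetical, not Fiuu's API.
// Compute vcode server-side: whoever holds the Verify Key can produce valid vcodes.

/** Build vcode from the exact strings that will be sent in the payment request.
 *  Pass $currency only when the extended format is enabled. */
function build_vcode(string $amount, string $merchantID, string $orderID,
                     string $verifyKey, ?string $currency = null): string
{
    // Assumption: amounts carry two decimal places, as in the page's "27.60".
    if (!preg_match('/^\d+\.\d{2}\z/', $amount)) {
        throw new InvalidArgumentException('amount must be a string like 27.60');
    }
    // Order matters: amount, merchant ID, order ID, Verify Key, then currency.
    return md5($amount . $merchantID . $orderID . $verifyKey . ($currency ?? ''));
}

/** Recompute vcode over received fields and compare in constant time.
 *  Shows what the integrity check achieves; not the gateway's own code. */
function vcode_matches(array $fields, string $verifyKey, bool $extended): bool
{
    $expected = build_vcode($fields['amount'], $fields['merchantID'],
                            $fields['orderID'], $verifyKey,
                            $extended ? $fields['currency'] : null);
    return hash_equals($expected, $fields['vcode']);
}

// Constructed sample values; the key is a placeholder, not a real Verify Key.
$verifyKey = 'EXAMPLE_VERIFY_KEY';
$request = ['amount' => number_format(27.6, 2, '.', ''),  // fixed two-decimal string
            'merchantID' => 'ACME', 'orderID' => 'OD8842', 'currency' => 'MYR'];
$request['vcode'] = build_vcode($request['amount'], $request['merchantID'],
                                $request['orderID'], $verifyKey, $request['currency']);

// The request as built by the merchant.
var_dump(vcode_matches($request, $verifyKey, true));

// Same request with the amount altered after the vcode was computed.
$altered = $request;
$altered['amount'] = '1.00';
var_dump(vcode_matches($altered, $verifyKey, true));
```

Hash the same amount string that is placed in the request: formatting the number once and reusing that string keeps the two from drifting apart.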

**Verification tool for vcode**

To verify whether the generated vcode is correct, merchants may check it at this URL: https://api.fiuu.com/RMS/query/vcode.php


What happens if a merchant passes in an incorrect vcode?

An error will be displayed on the payment page as shown: