A Signature is a MD5 or HMAC-SHA256 (based on hashType parameter) hash string combination of a sequence of parameters and a Secret Key.
MD5 is obsoleted in v2, merchant is recommended to use HMAC-SHA256
Secret Key is a server-side shared secret, this key is assigned to merchants by RMS.
All parameters used in the message exchange will form a part of the signature hash Except:
- Empty parameter value (NOT zero)
- Signature parameter itself.
All parameter values that form a part of the signature hash must sort alphabetically based on parameter name.
All parameters that form a part of the signature hash must be in their original form (not URL encoded).
All parameters that form a part of the signature hash ARE case sensitive.
All strings will have leading and trailing whitespace stripped off.

Example using MD5

The following example explains how to generate signature for parameters with non-empty values:

Secret Key: Ziu61T9xY227aazS530Pk8C5424y663r

Parameter Name	Value
applicationCode	3f2504e04f8911d39a0c0305e82c3301
referenceId	TRX1708901
authorizationCode	12345678912345678
authorizationCodeType	1
channelId	16
currencyCode	MYR
description	Sample
amount	10.00
storeId	17001
terminalId	17001001
version	v1

Sort parameter values ordered by parameter name alphabetically.

amount + applicationCode + authorizationCode + authorizationCodeType + channelId + currencyCode + description + referenceId + storeId + terminalId + version + secretKey

Concatenate/combine the actual parameter's value.

10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRSampleTRX17089011700117001001v1Ziu61T9xY227aazS530Pk8C5424y663r

Hash concatenated string using MD5 algorithm.

MD5(10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRTX17089011700117001001v1Ziu61T9xY227aazS530Pk8C5424y663r) = bee92e0042f51e9f3d626fe8b2b47069

Use hashed value generated from above step as Signature parameter.

applicationCode=3f2504e04f8911d39a0c0305e82c3301&referenceId=TRX1708901&authorizationCode=12345678912345678&authorizationCodeType=1&channelId=16&ccyCode=MYR&description=Sample&amount=10.00&storeId=17001&terminalId=17001001&version=v1&signature=bee92e0042f51e9f3d626fe8b2b47069

Example using HMAC-SHA256

The following example explains how to generate signature for parameters with non-empty values:

Secret Key: Ziu61T9xY227aazS530Pk8C5424y663r

Parameter Name	Value
applicationCode	3f2504e04f8911d39a0c0305e82c3301
referenceId	TRX1708901
authorizationCode	12345678912345678
authorizationCodeType	1
channelId	16
currencyCode	MYR
description	Sample
amount	10.00
storeId	17001
terminalId	17001001
version	v1
hashType	hmac-sha256

Sort parameter values ordered by parameter name alphabetically.

amount + applicationCode + authorizationCode + authorizationCodeType + channelId + currencyCode + description + hashType + referenceId + storeId + terminalId + version

Concatenate/combine the actual parameter's value.

10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRSamplehmac-sha256TRX170890117001170010001v1

Hash concatenated string using HMAC-SHA256 algorithm with the secret key.

HMAC-SHA256 result = db0624605d8a8b9c40b3eeb97f906a454195f1b35d1a2f9b75700e1e8ec942ba

Use hashed value generated from above step as Signature parameter.

applicationCode=3f2504e04f8911d39a0c0305e82c3301&referenceId=TRX1708901&authorizationCode=12345678912345678&authorizationCodeType=1&channelId=16&ccyCode=MYR&description=Sample&amount=10.00&storeId=17001&terminalId=17001001&version=v1&hashType=hmacsha256&signature=db0624605d8a8b9c40b3eeb97f906a454195f1b35d1a2f9b75700e1e8ec942ba

Example For v4 API

The following example explains how to generate signature for parameters with non-empty values:

Secret Key: Ziu61T9xY227aazS530Pk8C5424y663r

Parameter Name	Value
applicationCode	3f2504e04f8911d39a0c0305e82c3301
referenceId	TRX1708901
authorizationCode	12345678912345678
authorizationCodeType	1
channelId	16
currencyCode	MYR
description	Sample
amount	10.00
storeId	17001
terminalId	17001001
version	v4
hashType	hmac-sha256
metadata	tranID:123456

Sort parameter values ordered by parameter name alphabetically.

amount + applicationCode + authorizationCode + authorizationCodeType + channelId + currencyCode + description + hashType + metadata + referenceId + storeId + terminalId + version

Concatenate/combine the actual parameter's value.

10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRSamplehmac-sha256tranID:123456TRX170890117001170010001v1

Hash concatenated string using HMAC-SHA256 algorithm with the secret key.

HMAC-SHA256 result = d28aec422b283cbc8bc1dbfeb7ba0d03fc8b0b7a42fce827019d5540063063ad

Use hashed value generated from above step as Signature parameter.

applicationCode=3f2504e04f8911d39a0c0305e82c3301&referenceId=TRX1708901&authorizationCode=12345678912345678&authorizationCodeType=1&channelId=16&currencyCode=MYR&description=Sample&amount=10.00&storeId=17001&terminalId=17001001&metadata=tranID:123456&version=v1&hashType=hmacsha256&signature=d28aec422b283cbc8bc1dbfeb7ba0d03fc8b0b7a42fce827019d5540063063ad