- A Signature is a MD5 or HMAC-SHA256 (based on hashType parameter) hash string combination of a sequence of parameters and a Secret Key.
- MD5 is obsoleted in v2, merchant is recommended to use HMAC-SHA256
- Secret Key is a server-side shared secret, this key is assigned to merchants by RMS.
- All parameters used in the message exchange will form a part of the signature hash Except:
- Empty parameter value (NOT zero)
- Signature parameter itself.
- All parameter values that form a part of the signature hash must sort alphabetically based on parameter name.
- All parameters that form a part of the signature hash must be in their original form (not URL encoded).
- All parameters that form a part of the signature hash ARE case sensitive.
- All strings will have leading and trailing whitespace stripped off.
Example using MD5
The following example explains how to generate signature for parameters with non-empty values:
Secret Key: Ziu61T9xY227aazS530Pk8C5424y663r
| Parameter Name | Value |
|---|---|
| applicationCode | 3f2504e04f8911d39a0c0305e82c3301 |
| referenceId | TRX1708901 |
| authorizationCode | 12345678912345678 |
| authorizationCodeType | 1 |
| channelId | 16 |
| currencyCode | MYR |
| description | Sample |
| amount | 10.00 |
| storeId | 17001 |
| terminalId | 17001001 |
| version | v1 |
- Sort parameter values ordered by parameter name alphabetically.
amount + applicationCode + authorizationCode + authorizationCodeType + channelId + currencyCode + description + referenceId + storeId + terminalId + version + secretKey- Concatenate/combine the actual parameter's value.
10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRSampleTRX17089011700117001001v1Ziu61T9xY227aazS530Pk8C5424y663r- Hash concatenated string using MD5 algorithm.
MD5(10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRTX17089011700117001001v1Ziu61T9xY227aazS530Pk8C5424y663r) = bee92e0042f51e9f3d626fe8b2b47069- Use hashed value generated from above step as Signature parameter.
applicationCode=3f2504e04f8911d39a0c0305e82c3301&referenceId=TRX1708901&authorizationCode=12345678912345678&authorizationCodeType=1&channelId=16&ccyCode=MYR&description=Sample&amount=10.00&storeId=17001&terminalId=17001001&version=v1&signature=bee92e0042f51e9f3d626fe8b2b47069Example using HMAC-SHA256
The following example explains how to generate signature for parameters with non-empty values:
Secret Key: Ziu61T9xY227aazS530Pk8C5424y663r
| Parameter Name | Value |
|---|---|
| applicationCode | 3f2504e04f8911d39a0c0305e82c3301 |
| referenceId | TRX1708901 |
| authorizationCode | 12345678912345678 |
| authorizationCodeType | 1 |
| channelId | 16 |
| currencyCode | MYR |
| description | Sample |
| amount | 10.00 |
| storeId | 17001 |
| terminalId | 17001001 |
| version | v1 |
| hashType | hmac-sha256 |
- Sort parameter values ordered by parameter name alphabetically.
amount + applicationCode + authorizationCode + authorizationCodeType + channelId + currencyCode + description + hashType + referenceId + storeId + terminalId + version- Concatenate/combine the actual parameter's value.
10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRSamplehmac-sha256TRX170890117001170010001v1- Hash concatenated string using HMAC-SHA256 algorithm with the secret key.
HMAC-SHA256 result = db0624605d8a8b9c40b3eeb97f906a454195f1b35d1a2f9b75700e1e8ec942ba- Use hashed value generated from above step as Signature parameter.
applicationCode=3f2504e04f8911d39a0c0305e82c3301&referenceId=TRX1708901&authorizationCode=12345678912345678&authorizationCodeType=1&channelId=16&ccyCode=MYR&description=Sample&amount=10.00&storeId=17001&terminalId=17001001&version=v1&hashType=hmacsha256&signature=db0624605d8a8b9c40b3eeb97f906a454195f1b35d1a2f9b75700e1e8ec942baExample For v4 API
The following example explains how to generate signature for parameters with non-empty values:
Secret Key: Ziu61T9xY227aazS530Pk8C5424y663r
| Parameter Name | Value |
|---|---|
| applicationCode | 3f2504e04f8911d39a0c0305e82c3301 |
| referenceId | TRX1708901 |
| authorizationCode | 12345678912345678 |
| authorizationCodeType | 1 |
| channelId | 16 |
| currencyCode | MYR |
| description | Sample |
| amount | 10.00 |
| storeId | 17001 |
| terminalId | 17001001 |
| version | v4 |
| hashType | hmac-sha256 |
| metadata | tranID:123456 |
- Sort parameter values ordered by parameter name alphabetically.
amount + applicationCode + authorizationCode + authorizationCodeType + channelId + currencyCode + description + hashType + metadata + referenceId + storeId + terminalId + version- Concatenate/combine the actual parameter's value.
10.003f2504e04f8911d39a0c0305e82c330112345678912345678916MYRSamplehmac-sha256tranID:123456TRX170890117001170010001v1- Hash concatenated string using HMAC-SHA256 algorithm with the secret key.
HMAC-SHA256 result = d28aec422b283cbc8bc1dbfeb7ba0d03fc8b0b7a42fce827019d5540063063ad- Use hashed value generated from above step as Signature parameter.
applicationCode=3f2504e04f8911d39a0c0305e82c3301&referenceId=TRX1708901&authorizationCode=12345678912345678&authorizationCodeType=1&channelId=16¤cyCode=MYR&description=Sample&amount=10.00&storeId=17001&terminalId=17001001&metadata=tranID:123456&version=v1&hashType=hmacsha256&signature=d28aec422b283cbc8bc1dbfeb7ba0d03fc8b0b7a42fce827019d5540063063ad