Signature mismatch in Payfort payment integration

Asked 27/12, 2016 at 12:17 Answered 27/4, 2019 at 16:59

I am integrating Payfort payment gateway in my android application. I am using FORT SDKv1.2. In the post url for creating token, I am getting error "signature mismatch" always.

Can anybody tell me which signature is to be used?

url - https://sbpaymentservices.payfort.com/FortAPI/paymentApi

Jaquelinejaquelyn answered 27/12, 2016 at 12:17 Comment(7)

signature must be generated based on the request parameters and specification – Napper 28/12, 2016 at 10:6

I am doing exactly like this..but always getting same result – Jaquelinejaquelyn 28/12, 2016 at 10:31

Also , api give signature value in response.. I also use that signature value but again getting smae result. – Jaquelinejaquelyn 28/12, 2016 at 10:32

show what are your parameters in the request and payfort response – Napper 28/12, 2016 at 10:32

signature in the response is not for sending request back. It is just for you to verify if the response is coming back from correct source. You can generate signature from response fields and verify that with returned signature. – Napper 28/12, 2016 at 10:33

Can any one send the format of generate signature? – Trawl 23/1, 2018 at 9:52

Please check this question and answer, #53934070 – Prosector 29/12, 2018 at 12:24

Let me guide you step by step:

NOTE: The following is an example for the Merchant Page 2.0 request signature generation:

Step 1: Add these variables on top of your file

private final static String KEY_MERCHANT_IDENTIFIER = "merchant_identifier";
private final static String KEY_SERVICE_COMMAND = "service_command";
private final static String KEY_LANGUAGE = "language";
private final static String KEY_ACCESS_CODE = "access_code";
private final static String KEY_MERCHANT_REFERENCE = "merchant_reference";

private final static String MERCHANT_IDENTIFIER = "YOUR_MERCHANT_IDENTIFIER";
private final static String ACCESS_CODE = "YOUR_ACCESS_CODE";
private final static String SHA_TYPE = "SHA-256";
private final static String SHA_REQUEST_PHRASE = "YOUR_SHA_REQUEST_PHRASE ";
private final static String LANGUAGE_TYPE = "en";

Make sure you are using your given MERCHANT_IDENTIFIER, ACCESS_CODE and SHA_REQUEST_PHRASE by Payfort.

Step 2: Create a string

String concatenatedString = SHA_REQUEST_PHRASE +
                KEY_ACCESS_CODE + "=" + ACCESS_CODE +
                KEY_LANGUAGE + "=" + LANGUAGE_TYPE +
                KEY_MERCHANT_IDENTIFIER + "=" + MERCHANT_IDENTIFIER +
                KEY_MERCHANT_REFERENCE + "=" + YOUR_MERCHANT_REFERENCE +
                KEY_SERVICE_COMMAND + "=" + "TOKENIZATION" +
                SHA_REQUEST_PHRASE;

Here YOUR_MERCHANT_REFERENCE is your unique merchant reference. It should be unique for every request

Step 3: Create a function to generate SHA-256 type signature from your concatenatedString in Step 2

private String createSignature(String s) {
    try {
        // Create MD5 Hash
        MessageDigest digest = MessageDigest.getInstance(SHA_TYPE);
        digest.update(s.getBytes());
        byte messageDigest[] = digest.digest();

        return String.format("%0" + (messageDigest.length * 2) + 'x', new BigInteger(1, messageDigest));
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return "";
}

Finally Call the createSignature function by passing your concatenatedString in Step 2.

String signature = createSignature(concatenatedString);

Subclass answered 27/4, 2019 at 16:59 Comment(4)

Do I have to include only five parameters to generate the signature in case of Apple Pay? docs.payfort.com/docs/apple-pay/build/… – Sian 18/7, 2019 at 17:14

He is talking about merchant page 2 requests parameters – Cubeb 23/12, 2019 at 18:31

@AbhishekShukla For request parameters change it according to your need which will be mentioned in PayFort document – Subclass 28/12, 2019 at 11:9

@RamiSalim is right i gave you example for merchant page 2 – Subclass 28/12, 2019 at 11:9

Change 'merchant_reference' value to one you didn't use before. It should be unique. I had the same trouble and it was fixed using it.

Sort your keys in array alphabetically, add before and after the secret phrases and then encrypt the string using your algorythm.

After it, you can use it in your requests.

Hyperpyrexia answered 2/5, 2017 at 20:27 Comment(0)

I have faced same problem and found there is problem in algorithm i hvae used while generating signature. So plz check sequence of parameters while generating signature. and check for algorithm which u have setup in account and use same algorithm while generating signature

Dreamland answered 31/1, 2017 at 10:14 Comment(0)

also make sure that the merchant reference is alphanumric and if you want to add special chars you can only add . _ -

Studer answered 24/10, 2017 at 3:42 Comment(0)

Here you can find how to generate signature.

I was facing this signature mismatch error due to concatenating wrong SHA Request Phrase to the start and end of the signature.

Tropophilous answered 30/3, 2018 at 11:27 Comment(0)

I have faced same problem and found there is problem in integration settings.Just login into your payfort account and goto payment integration settings then your merchant reference id place check SHA Type is SHA-256 and SHA Response Parse ,SHA Request Parse will same text.This same text added to your accesscode and sdk-token in the source code parameters.Please check below image once.

Danieu answered 19/1, 2019 at 6:37 Comment(0)

-1

Use this code

 String concatenatedString = SHA_REQUEST_PHRASE +
                KEY_ACCESS_CODE + "=" + ACCESS_CODE +
                KEY_DEVICE_ID + "=" + device_id +
                KEY_LANGUAGE + "=" + LANGUAGE_TYPE +
                KEY_MERCHANT_IDENTIFIER + "=" + MERCHANT_IDENTIFIER +
                KEY_SERVICE_COMMAND + "=" + SDK_TOKEN +
                SHA_REQUEST_PHRASE;

Then, pass this concatenated string in below method,

  private static String getSignatureSHA256(String s) {
    try {
        // Create MD5 Hash
        MessageDigest digest = MessageDigest.getInstance(SHA_TYPE);
        digest.update(s.getBytes());
        byte messageDigest[] = digest.digest();

        return String.format("%0" + (messageDigest.length * 2) + 'x', new BigInteger(1, messageDigest));
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    return "";
}

Use below code to get Signature,

            String signature = getSignatureSHA256(concatenatedString);

Happy Coding :)

Heterogeneity answered 22/2, 2019 at 8:42 Comment(0)

Recommended topics

Hot tags