Callback signature server

Prerequisite

Ask the S-money team to activate this feature. Once it is confirmed, a new parameter "CallbackSignature" is added to the contents of each callback.

Callbacks management

2.1 Method to create the signature

CallbackSignature is a computed, hashed string that lets the client verify the validity of the call.

It is built as follows:
- Extract all callback parameters (except CallbackSignature)
- Sort them by key, in ascending alphabetical order
- Extract their values into a list
- Add the client secret string to this list (in pre-production, the value "0")
- Concatenate these values into a single string, using the "+" sign as separator
- Make sure the string is encoded in UTF-8
- Hash the string with the "SHA-1" algorithm
- Assign the result to the parameter "CallbackSignature".

2.2 Method to verify the callbacks validity

To verify that a request is valid, first compute a signature with the construction method above, then compare it to the signature received in the callback.
If both signatures are identical, the request is valid. If not, the request has been corrupted.

2.3 Example of a signature computation

Example 1: valid callback

orderId=123456&amount=1020&CallbackSignature=814de6e4d24008b1764fe093026b5127cddbf6c2

Concatenated string (with secret string = 0): 1020+123456+0

Computed CallbackSignature: 814de6e4d24008b1764fe093026b5127cddbf6c2

Example 2: corrupted callback

orderId=123456&amount=1020&CallbackSignature=c7ce2c2adb001127d2c2a12612184669f340dfd7

Concatenated string (with secret string = 0): 1020+123456+0

Computed CallbackSignature: 814de6e4d24008b1764fe093026b5127cddbf6c2
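
The construction method (2.1) and the verification (2.2), as an added Python example that is not S-money's own code. It assumes the callback arrives as URL-encoded key=value pairs like the examples above, that keys are sorted in plain string order, and that a callback with a repeated key is rejected; the function names are illustrative.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

SIGNATURE_KEY = "CallbackSignature"


def canonical_string(params, secret):
    """Values of every parameter except the signature, ordered by key, then the secret."""
    # Assumption: plain string sort of the keys (the page says "alphabetical, ascending").
    keys = sorted(k for k in params if k != SIGNATURE_KEY)
    return "+".join([params[k] for k in keys] + [secret])


def compute_signature(params, secret):
    """SHA-1 of the UTF-8 encoded canonical string, as lowercase hex like the page's examples."""
    return hashlib.sha1(canonical_string(params, secret).encode("utf-8")).hexdigest()


def verify_callback(raw_query, secret):
    """Return True only if the received CallbackSignature matches the recomputed one."""
    pairs = parse_qsl(raw_query, keep_blank_values=True)
    params = dict(pairs)
    if len(params) != len(pairs):
        return False  # repeated key: ambiguous input, rejected (choice made for this example)
    received = params.get(SIGNATURE_KEY)
    if not received:
        return False  # unsigned callback
    expected = compute_signature(params, secret)
    # Constant-time comparison, so timing does not reveal how much of the value matched.
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


if __name__ == "__main__":
    secret = "0"  # pre-production secret given on the page
    body = "orderId=123456&amount=1020"  # constructed callback, same fields as the page's example
    signed = body + "&CallbackSignature=" + compute_signature(dict(parse_qsl(body)), secret)
    print(verify_callback(signed, secret))                          # untouched callback
    print(verify_callback(signed.replace("1020", "9020"), secret))  # amount altered in transit
```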