V1
Callbacks management
2.1 Method to create the signature
CallbackSignature is a computed and encrypted chain enabling the client to verify the validity of the call.
It is built as follows :
Extracting all callback parameters (except CallbackSignature)
Classifying by alphabetical order (ascendant) and by key
Extracting their values to a list
Adding the client secret chain to this list (in pre-production by the value "0")
concatenation of these values into a unique chain via the sign "+"
Verifying the chain is in the UTF-8 format
Hashing the chain via the "SHA-1" algorithm
Attributing the result to the parameter "CallbackSignature".
2.2 Method to verify the callbacks validity
To verify a request is valid, you first have to create a signature with the construction method and compare this signature value to the value of the signature received in the callback.
If both signatures are similar, then the request is valid. If not, the request has been corrupted..
2.3 EXAMPLE OF A SIGNATURE COMPUTATION
Example 1 : Callback valid
orderId=123456amount=1020&CallbackSignature=814de6e4d24008b1764fe093026b5127cddbf6c2
Concatenated chain (with secret chain = 0) : 1020+123456+0
CallbackSignature computed : 814de6e4d24008b1764fe093026b5127cddbf6c2
Example 2 : Callback corrupted
orderId=123456&amount=1020&CallbackSignature=c7ce2c2adb001127d2c2a12612184669f340dfd7
Concatenated chain (with secret chain = 0) : 1020+123456+0
CallbackSignature computed : 814de6e4d24008b1764fe093026b5127cddbf6c2