Skip to main content

Signature validation

The purpose of this value is to safeguard the integrity of the response received. It is a string encoded in base 64 format and is located in the "signature" field of the response generated by the library. In the JSON format representation of the response object, this field can be observed as follows:

It is important to take into account this signature validation process only when the value of the "paymentResult.code" field is not equal to "021" or "COMMUNICATION_ERROR".

{
    "code": "00",
    "message": "Operación exitosa",
    "messageUser": "Operación exitosa",
    "messageUserEng": "Successful",
    "response": {
      "payMethod": "CARD",
      "order": [
        {
          "payMethodAuthorization": "CARD",
          "codeAuth": "S93925",
          "currency": "PEN",
          "amount": "149.00",
          "installment": "00",
          "deferred": "0",
          "orderNumber": "7676794",
          "stateMessage": "Autorizado",
          "dateTransaction": "20240307",
          "timeTransaction": "111451",
          "uniqueId": "1286134",
          "referenceNumber": "7000000"
        }
      ],
      "card": {
        "brand": "VS",
        "pan": "497010******0055",
        "save": "false"
      },
      "billing": {
        "firstName": "Lucho",
        "lastName": "Torres",
        "email": "luchotorres@gmail.com",
        "phoneNumber": "989897960",
        "street": "Av. Jorge Chávez 275",
        "city": "Lima",
        "state": "Lima",
        "country": "PE",
        "postalCode": "15000",
        "documentType": "DNI",
        "document": "12345678",
        "companyName": ""
      },
      "merchant": {
        "merchantCode": "4075169",
        "facilitatorCode": ""
      },
      "token": {
        "merchantBuyerId": "mc4075169",
        "cardToken": "",
        "alias": ""
      },
      "authentication": {
        "result": ""
      },
      "customFields": [
        "",
        "",
        "",
        "",
        "",
        "",
        "",
        "",
        "",
        ""
      ]
    },
    "payloadHttp": "{\"code\":\"00\",\"message\":\"Operación exitosa\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"149.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"Lucho\",\"lastName\":\"Torres\",\"email\":\"luchotorres@gmail.com\",\"phoneNumber\":\"989897960\",\"street\":\"Av. Jorge Chávez 275\",\"city\":\"Lima\",\"state\":\"Lima\",\"country\":\"PE\",\"postalCode\":\"15000\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"mc4075169\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}",
    "signature": "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY=",
    "transactionId": "557763479"
  }

To validate the signature perform the following steps:

  • Access the payload value using the paymentResult.response.payloadHttp attribute (review step 5 of the Integration with Android section).
  • Use HMAC-SHA256 to generate a Hash of the payload value using as secretKey the keyHash (in section Parameters definition).
  • Compare the result with the signature, if they are the same, the integrity of the message will be guaranteed.

Here is an example of how to perform signature validation through JavaScript:

import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec 
import java.nio.charset.StandardCharsets 
import java.util.Base64
  

fun main() { 
    val payload = "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"enrique\",\"lastName\":\"pariasca\",\"email\":\"enrique.pariasca@izitest.pe\",\"phoneNumber\":\"989339999\",\"street\":\"calle el demo sdk\",\"city\":\"lima\",\"state\":\"lima\",\"country\":\"PE\",\"postalCode\":\"00001\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}"
    val keyHash = "Xom5Hlt9eSWoylYuBrenIbOsTljEdefR" 
    val signature = "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY="
    val isValid = checkSignature(payload, keyHash, signature) 
    println("La firma es válida: $isValid") 
} 

fun checkSignature(payload: String, keyHash: String, signature: String): Boolean { 
    if (keyHash.isEmpty()) { 
        return false 
    } 

    val keySpec = SecretKeySpec(keyHash.toByteArray(StandardCharsets.UTF_8), "HmacSHA256") 
    val mac = Mac.getInstance("HmacSHA256") 
    mac.init(keySpec) 
    val hashBytes = mac.doFinal(payload.toByteArray(StandardCharsets.UTF_8)) 
    val computedSignature = Base64.getEncoder().encodeToString(hashBytes) 
    return signature == computedSignature 
}