Skip to main content

Signature validation

The purpose of this value is to safeguard the integrity of the response received. It is a string encoded in base 64 format and is located in the "signature" field of the response generated by the library. In the JSON format representation of the response object, this field can be observed as follows:

It is important to take into account this signature validation process only when the value of the "paymentResult.code" field is not equal to "021" or "COMMUNICATION_ERROR".

{
    "code": "00",
    "message": "Operación exitosa",
    "messageUser": "Operación exitosa",
    "messageUserEng": "Successful",
    "response": {
      "payMethod": "CARD",
      "order": [
        {
          "payMethodAuthorization": "CARD",
          "codeAuth": "S93925",
          "currency": "PEN",
          "amount": "149.00",
          "installment": "00",
          "deferred": "0",
          "orderNumber": "7676794",
          "stateMessage": "Autorizado",
          "dateTransaction": "20240307",
          "timeTransaction": "111451",
          "uniqueId": "1286134",
          "referenceNumber": "7000000"
        }
      ],
      "card": {
        "brand": "VS",
        "pan": "497010******0055",
        "save": "false"
      },
      "billing": {
        "firstName": "Lucho",
        "lastName": "Torres",
        "email": "luchotorres@gmail.com",
        "phoneNumber": "989897960",
        "street": "Av. Jorge Chávez 275",
        "city": "Lima",
        "state": "Lima",
        "country": "PE",
        "postalCode": "15000",
        "documentType": "DNI",
        "document": "12345678",
        "companyName": ""
      },
      "merchant": {
        "merchantCode": "4075169",
        "facilitatorCode": ""
      },
      "token": {
        "merchantBuyerId": "enriquepariascauser",
        "cardToken": "",
        "alias": ""
      },
      "authentication": {
        "result": ""
      },
      "customFields": [
        "",
        "",
        "",
        "",
        "",
        "",
        "",
        "",
        "",
        ""
      ],
    },
    "payloadHttp": "{\"code\":\"00\",\"message\":\"Operación exitosa\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"149.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"Lucho\",\"lastName\":\"Torres\",\"email\":\"luchotorres@gmail.com\",\"phoneNumber\":\"989897960\",\"street\":\"Av. Jorge Chávez 275\",\"city\":\"Lima\",\"state\":\"Lima\",\"country\":\"PE\",\"postalCode\":\"15000\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}",
    "signature": "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY=",
    "transactionId": "557763479"
  }

To validate the signature perform the following steps:

  • Access the payload value using the paymentResult.response.payloadHttp attribute (review step 5 of the Integration with iOS section).
  • Use HMAC-SHA256 to generate a Hash of the payload value using as secretKey the keyHash (in section Parameters definition).
  • Compare the result with the signature, if they are the same, the integrity of the message will be guaranteed.

Here is an example of how to perform signature validation through JavaScript:

import Foundation
import CommonCrypto

func checkSignature(payload: String, keyHash: String, signature: String) -> Bool {

    if keyHash.isEmpty {
        return false
    }

    let messageData = payload.data(using: .utf8)!
    let keyData = keyHash.data(using: .utf8)!
    var digest = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))

    CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), keyData.bytes, keyData.count, messageData.bytes, messageData.count, &digest)

    let computedSignature = Data(digest).base64EncodedString()
    return signature == computedSignature

}
// Example of use

let payload = "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"557763479\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"S93925\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"7676794\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20240307\",\"timeTransaction\":\"111451\",\"uniqueId\":\"1286134\",\"referenceNumber\":\"7000000\"}],\"card\":{\"brand\":\"VS\",\"pan\":\"497010******0055\",\"save\":\"false\"},\"billing\":{\"firstName\":\"enrique\",\"lastName\":\"pariasca\",\"email\":\"enrique.pariasca@izitest.pe\",\"phoneNumber\":\"989339999\",\"street\":\"calle el demo sdk\",\"city\":\"lima\",\"state\":\"lima\",\"country\":\"PE\",\"postalCode\":\"00001\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4075169\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"enriquepariascauser\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\"]}}"
let keyHash = "Xom5Hlt9eSWoylYuBrenIbOsTljEdefR"
let signature = "0rlf7ASjgBBfVu1XB1PcnvMPvV6wFVEL/P8BgbbtRSY="
let isValid = checkSignature(payload: payload, keyHash: keyHash, signature: signature)
print("The signature is valid:", isValid)