
Signature validation

The signature safeguards the integrity of the response received. It is a Base64-encoded string located in the "signature" field of the response generated by the library. In the JSON representation of the response object, this field appears as follows:

Important

Perform this signature validation only when the value of the code field is neither 021 nor COMMUNICATION_ERROR.

{
"code": "00",
"message": "Operación exitosa",
"messageUser": "Operación exitosa",
"messageUserEng": "Successful",
"response": {
"payMethod": "CARD",
"order": [
{
"payMethodAuthorization": "CARD",
"codeAuth": "831000",
"currency": "PEN",
"amount": "149.00",
"installment": "00",
"deferred": "0",
"orderNumber": "1737067728",
"stateMessage": "Autorizado",
"dateTransaction": "20250116",
"timeTransaction": "174837",
"uniqueId": "1429383",
"referenceNumber": "6330602"
}
],
"card": {
"brand": "MC",
"pan": "511842******6017",
"save": "false"
},
"billing": {
"firstName": "Lucho",
"lastName": "Torres",
"email": "luchotorres@gmail.com",
"phoneNumber": "989897960",
"street": "Av. Jorge Chávez 275",
"city": "Lima",
"state": "Lima",
"country": "PE",
"postalCode": "15000",
"documentType": "DNI",
"document": "12345678",
"companyName": ""
},
"merchant": {
"merchantCode": "4001061",
"facilitatorCode": ""
},
"token": {
"merchantBuyerId": "MC20250101",
"cardToken": "",
"alias": ""
},
"authentication": {
"result": ""
},
"customFields": [
{
"name": "field1",
"value": ""
},
{
"name": "field2",
"value": ""
},
{
"name": "field3",
"value": ""
},
{
"name": "field4",
"value": ""
},
{
"name": "field5",
"value": ""
},
{
"name": "field6",
"value": ""
},
{
"name": "field7",
"value": ""
},
{
"name": "field8",
"value": ""
},
{
"name": "field9",
"value": ""
},
{
"name": "field10",
"value": ""
}
]
},
"payloadHttp": "{\"code\":\"00\",\"message\":\"Operación exitosa\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"17370677285350\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"831000\",\"currency\":\"PEN\",\"amount\":\"149.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"1737067728\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20250116\",\"timeTransaction\":\"174837\",\"uniqueId\":\"1429383\",\"referenceNumber\":\"6330602\"}],\"card\":{\"brand\":\"MC\",\"pan\":\"511842******6017\",\"save\":\"false\"},\"billing\":{\"firstName\":\"Lucho\",\"lastName\":\"Torres\",\"email\":\"luchotorres@gmail.com\",\"phoneNumber\":\"989897960\",\"street\":\"Av. Jorge Chávez 275\",\"city\":\"Lima\",\"state\":\"Lima\",\"country\":\"PE\",\"postalCode\":\"15000\",\"documentType\":\"DNI\",\"document\":\"12345678\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4001061\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"MC20250101\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[{\"name\":\"field1\",\"value\":\"\"},{\"name\":\"field2\",\"value\":\"a\"},{\"name\":\"field3\",\"value\":\"\"},{\"name\":\"field4\",\"value\":\"\"},{\"name\":\"field5\",\"value\":\"\"},{\"name\":\"field6\",\"value\":\"\"},{\"name\":\"field7\",\"value\":\"\"},{\"name\":\"field8\",\"value\":\"\"},{\"name\":\"field9\",\"value\":\"\"},{\"name\":\"field10\",\"value\":\"\"}]}}",
"signature": "ddAlW9dl2/t5D3LwG3DpiWZPLmnowunw2XLo5MkxV9s=",
"transactionId": "17370677285350"
}

To validate the signature perform the following steps:

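  • Access the payload value using the response.payloadHttp attribute. Use the string exactly as received: re-serialising the JSON changes its bytes, and the computed value will no longer match the signature.
  • Compute the HMAC-SHA256 of the payload value, using the keyHash (see the Parameters definition section) as the secret key, and encode the result in Base64.
  • Compare the result with the signature; if they are the same, the integrity of the message is guaranteed. Use a constant-time comparison for this check. Because the signature is computed over payloadHttp only, read the transaction data from the validated payloadHttp rather than from the other fields of the response.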

Here is an example of how to perform the signature validation in JavaScript:

const { createHmac, timingSafeEqual } = require('crypto');

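/**
 * Validates the HMAC-SHA256 signature of a response payload.
 *
 * The expected signature is the Base64 encoding of the HMAC-SHA256 computed
 * over the UTF-8 bytes of `payload`, keyed with the UTF-8 bytes of `keyHash`.
 * It is compared with `signature` in constant time.
 *
 * @param {string} payload - The signed message, exactly as received
 *   (the payloadHttp string, not a re-serialised copy).
 * @param {string} keyHash - The secret key, as a string.
 * @param {string} signature - The Base64 signature received with the response.
 * @returns {boolean} true if the signature matches the payload; false
 *   otherwise, including when keyHash is empty or signature is not a string.
 */
function checkSignature(payload, keyHash, signature) {
  // Fail closed: without a key or a string signature nothing can be verified.
  if (!keyHash || typeof signature !== 'string') {
    return false;
  }

  const expected = createHmac('sha256', Buffer.from(keyHash, 'utf-8'))
    .update(Buffer.from(payload, 'utf-8'))
    .digest('base64');

  // Compare the Base64 text byte-for-byte rather than decoding `signature`:
  // Node's Base64 decoder is lenient, and decoding would accept variants that
  // are not string-equal to the expected value.
  const expectedBytes = Buffer.from(expected, 'utf-8');
  const receivedBytes = Buffer.from(signature, 'utf-8');

  // timingSafeEqual throws on inputs of different length. The length of an
  // HMAC-SHA256 digest in Base64 is public, so this early exit leaks nothing.
  if (expectedBytes.length !== receivedBytes.length) {
    return false;
  }

  // `===` on strings can stop at the first differing character, which leaks
  // how much of a guessed signature is correct; this comparison does not.
  return timingSafeEqual(expectedBytes, receivedBytes);
}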

// Usage example with sample values.
// In a real integration, take the payload from response.payloadHttp exactly as
// received, and load the keyHash from protected server-side configuration
// instead of hard-coding it in source.
const samplePayload = "{\"code\":\"00\",\"message\":\"OK\",\"messageUser\":\"Operación exitosa\",\"messageUserEng\":\"Successful\",\"transactionId\":\"17370677285350\",\"response\":{\"payMethod\":\"CARD\",\"order\":[{\"payMethodAuthorization\":\"CARD\",\"codeAuth\":\"831000\",\"currency\":\"PEN\",\"amount\":\"1.00\",\"installment\":\"00\",\"deferred\":\"0\",\"orderNumber\":\"1737067728\",\"stateMessage\":\"Autorizado\",\"dateTransaction\":\"20250116\",\"timeTransaction\":\"174837\",\"uniqueId\":\"1429383\",\"referenceNumber\":\"6330602\"}],\"card\":{\"brand\":\"MC\",\"pan\":\"511842******6017\",\"save\":\"false\"},\"billing\":{\"firstName\":\"Luis\",\"lastName\":\"Quispe\",\"email\":\"luisquispetaquire@gmail.com\",\"phoneNumber\":\"989800341\",\"street\":\"Av Sol 123\",\"city\":\"Lima\",\"state\":\"Lima\",\"country\":\"PE\",\"postalCode\":\"15000\",\"documentType\":\"DNI\",\"document\":\"10252022\",\"companyName\":\"\"},\"merchant\":{\"merchantCode\":\"4001061\",\"facilitatorCode\":\"\"},\"token\":{\"merchantBuyerId\":\"MC20250101\",\"cardToken\":\"\",\"alias\":\"\"},\"authentication\":{\"result\":\"\"},\"customFields\":[{\"name\":\"field1\",\"value\":\"\"},{\"name\":\"field2\",\"value\":\"a\"},{\"name\":\"field3\",\"value\":\"\"},{\"name\":\"field4\",\"value\":\"\"},{\"name\":\"field5\",\"value\":\"\"},{\"name\":\"field6\",\"value\":\"\"},{\"name\":\"field7\",\"value\":\"\"},{\"name\":\"field8\",\"value\":\"\"},{\"name\":\"field9\",\"value\":\"\"},{\"name\":\"field10\",\"value\":\"\"}]}}";
const sampleKeyHash = 'Xom5Hlt9eSWoylYuBrenIbOsTljEdefR';
const sampleSignature = 'ddAlW9dl2/t5D3LwG3DpiWZPLmnowunw2XLo5MkxV9s=';

// Only after a positive result should the payload be parsed and acted upon.
console.log(
  'The signature is valid:',
  checkSignature(samplePayload, sampleKeyHash, sampleSignature),
);