Signing mechanism

All requests and responses must be signed/verified using HMAC-SHA256 where:

key is a value known to both the merchant and PayCertify. This is the “Password” field for the merchant that PayCertify provides.

message is a string of all key-value pairs that start with x_ prefix, sorted alphabetically, and concatenated without separators.

Assuming your HMAC key is “iU21RWxcec”, the signing mechanisms would look like this:

fields = {x_account_id: '064BDCCB1F7A8835A468081753A633CA0B679FC76', x_amount: 89.99, x_currency: 'USD', x_gateway_reference: '123', x_reference: "19783", x_result: "completed", x_test: "true",  x_timestamp: '2019-08-18T12:15:41Z'}
=> {:x_account_id=>"064BDCCB1F7A8835A468081753A633CA0B679FC76", :x_amount=>89.99, :x_currency=>"USD", :x_gateway_reference=>"123", :x_reference=>"19783", :x_result=>"completed", :x_test=>"true", :x_timestamp=>"2019-08-18T12:15:41Z"}
message = fields.sort.join
=> "x_account_id064BDCCB1F7A8835A468081753A633CA0B679FC76x_amount89.99x_currencyUSDx_gateway_reference123x_reference19783x_resultcompletedx_testtruex_timestamp2019-08-18T12:15:41Z"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), 'iU21RWxcec', message)
=> "b4a5803453ab83d2cf3e68ad1e353c087c029b8c764e74bababd1a9f8aa3260f"

"x_signature=b4a5803453ab83d2cf3e68ad1e353c087c029b8c764e74bababd1a9f8aa3260f"