Signing Mechanism

All requests and responses must be signed/verified using HMAC-SHA256 where:

key is a value known to both the merchant and PayCertify. This is the “Password” field for the merchant that PayCertify provides.

message is a string of all key-value pairs that start with x_ prefix, sorted alphabetically, and concatenated without separators.

Assuming your HMAC key is “iU21RWxcec”, the signing mechanisms would look like this:

fields = {
    x_account_id: "064BDCCB1F7A8835A468081753A633CA0B679FC76", 
    x_amount: 89.99, 
    x_currency: "USD", 
    x_gateway_reference: "123", 
    x_reference: "19783", 
    x_result: "completed", 
    x_test: "true",
    x_timestamp: "2019-08-18T12:15:41Z"
}
=> {
    :x_account_id=>"064BDCCB1F7A8835A468081753A633CA0B679FC76", 
    :x_amount=>89.99, 
    :x_currency=>"USD", 
    :x_gateway_reference=>"123", 
    :x_reference=>"19783", 
    :x_result=>"completed", 
    :x_test=>"true", 
    :x_timestamp=>"2019-08-18T12:15:41Z"
}
message = fields.sort.join
=> "x_account_id064BDCCB1F7A8835A468081753A633CA0B679FC76x_amount89.99x_currencyUSDx_gateway_reference123x_reference19783x_resultcompletedx_testtruex_timestamp2019-08-18T12:15:41Z"

OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("sha256"), "iU21RWxcec", message)
=> "b4a5803453ab83d2cf3e68ad1e353c087c029b8c764e74bababd1a9f8aa3260f"

"x_signature=b4a5803453ab83d2cf3e68ad1e353c087c029b8c764e74bababd1a9f8aa3260f"