We’ll cover two different command line tools to verify a sha256 checksum on the Mac, and both come preinstalled with all modern versions of MacOS.

For those who are not familiar, a checksum is basically a string of letters and numbers that can be used to determine file integrity, like whether an error occurred during transmission, or whether a file was tampered with. For example, if the file checksum matches on your end with the checksum posted by where you received the file, you can be sure the file is identical. There are a variety of types of hashes and checksums, but what we’ll cover here is sha256.

The shasum command is available on all modern Macs and can be used to check sha256 hash. Launch Terminal and then use the following command, replacing /path/to/file with the file path as appropriate:

For example, to check the sha256 hash of a file called “TopSecret.tgz” in the user Downloads folder, you could use the following:

```
Ģ3bd4728d59aa19260aaeec757b4f76eca4baebaf33a94f120086c06e7bc80ef ~/Downloads/TopSecret.tgz
```

You can also check and verify sha256 hash by using the openssl command. From Terminal.app, use the following command:

For example, to verify the sha256 hash of a file named “Data Integrity Matters.pdf” located in the user Documents folder:

```
openssl sha256 ~/Documents/"Data Integrity Matters.pdf"
```

This will return something like the following:

With the large string of numbers and characters being the sha256 hash.

If you’re already familiar with the general process of checking hashes, whether it be checking sha1 checksums or MD5 hash, then this process and the commands may not come as much of a surprise to you, though the latter uses a different command specific to md5. Whether you want to verify a SHA-512 checksum, SHA-256 hash, SHA-1 hash, or MD5 checksum, you can do any through the command line on the Mac.

Hash Generation Logic for Payment Request

A hash is an encrypted value (checksum) that is sent by you in a payment request and sent by PayU in the payment response. The hash is used to protect transactions against a “man-in-the-middle-attack.” PayU uses the SHA-512 hash function that belongs to the SHA-2 family of cryptographic functions. You need to generate a string using certain parameters and apply the SHA-512 algorithm to this string.

Note: Ensure that you use pipe (|) character between these parameters as mentioned in the following code block.

The parameter order is in the following code block:

```
sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT)
```

All the parameters (and their descriptions) mentioned in the above code block have already been mentioned earlier in the Hosted Checkout Integration sections. Here, the following parameters are mandatory:

Hence, these parameters cannot be empty in the hash calculation. But, the udf parameters (udf1-udf5) are optional, and you need to calculate the hash based on whether you are posting a particular udf or not. For example, if you are not posting udf1, the udf1 field will be left empty in the hash calculation.

Integration Security

After receiving a response from PayU and comparing it with the request, you must compute the hash (or checksum) again and post-back parameters. Computing hash will protect you from any tampering by your customers and help in ensuring a safe and secure transaction experience.

PayU strongly recommends that you secure your integration by implementing Verify web service and webhook/callback as a secondary confirmation of the transaction response. For more information on the integration process, refer to Transaction Details APIs and Webhooks.

You need to ensure that sensitive information related to the integration is not part of the payment request to PayU. Along with the request, the sensitive information should not be a part of any merchant-level URL.

The details including - but are not limited to - the following are considered sensitive information:

The following are considered sources for the merchant-level URL:

- The last web address accessed by a browser before loading PayU’s checkout page.
- URLs shared as part of payment request to PayU in the parameters: surl, furl, curl, nurl, and termUrl.
- Notification URLs configured with the merchant account.
- Invoice Completion URLs configured with the merchant account.

Note: It is strongly recommended that you verify the parameters posted by PayU in the response against the parameters you sent in the request. Parameters such as transaction ID and amount need to be verified with the values sent in the request by you. This will identify any of the parameters that have been tampered with in response.
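The request-hash construction PayU describes on this page, sha512(key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT), together with the recommended check that txnid and amount in the response match the request, as an added Python example (not code from PayU or from the original page). Assumptions: the six fields before udf1 are treated as the mandatory ones, values are UTF-8 encoded, and the function names, sample values, key and salt are constructed for illustration.

```python
import hashlib
from decimal import Decimal, InvalidOperation

# Field order as given on the page:
# key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||SALT
MANDATORY = ("key", "txnid", "amount", "productinfo", "firstname", "email")  # assumed set
OPTIONAL = ("udf1", "udf2", "udf3", "udf4", "udf5")

def build_hash_string(params, salt):
    """Return the pipe-delimited string that is fed to SHA-512."""
    missing = [name for name in MANDATORY if not params.get(name)]
    if missing:
        raise ValueError("mandatory parameters missing or empty: " + ", ".join(missing))
    values = [str(params[name]) for name in MANDATORY]
    # A udf that is not posted still occupies its position as an empty string.
    values += [str(params.get(name) or "") for name in OPTIONAL]
    # Precaution of this example (not a rule stated on the page): a "|" inside
    # a value would shift every later field, so refuse it.
    if any("|" in value for value in values):
        raise ValueError("parameter values must not contain '|'")
    # Five empty positions after udf5 produce the "||||||" run before SALT.
    return "|".join(values + [""] * 5 + [salt])

def request_hash(params, salt):
    """Hex SHA-512 digest of the hash string (UTF-8 encoding assumed)."""
    return hashlib.sha512(build_hash_string(params, salt).encode("utf-8")).hexdigest()

def tampered_fields(sent, received):
    """Names among txnid/amount whose response value differs from the request."""
    changed = []
    if str(received.get("txnid", "")) != str(sent["txnid"]):
        changed.append("txnid")
    try:
        # Compare amounts numerically so "10.0" and "10.00" count as equal.
        same = Decimal(str(received.get("amount"))) == Decimal(str(sent["amount"]))
    except InvalidOperation:
        same = False
    if not same:
        changed.append("amount")
    return changed

# Constructed sample values; the key and salt are placeholders, not real credentials.
SAMPLE = {"key": "MERCHANT_KEY", "txnid": "T1001", "amount": "10.00",
          "productinfo": "book", "firstname": "Asha",
          "email": "asha@example.com", "udf1": "order-7"}

if __name__ == "__main__":
    print(build_hash_string(SAMPLE, "MERCHANT_SALT"))
    print(request_hash(SAMPLE, "MERCHANT_SALT"))
    print(tampered_fields(SAMPLE, {"txnid": "T1001", "amount": "1.00"}))
```

Compute the hash on the server only, so the salt never reaches the browser or any merchant-level URL.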