SHA-1 Request Authentication Method

To generate request with SHA-1 authentication:

1. Generate Signature,

2. Generate Request.

SHA1 Signature Generation

1. Concatenate all necessary parameters to String (also referred as a “signing string” or “signature base string”). Each API-command might have it’s own list and order of parameters to concatenate in signing string. Check it in the description of control parameter for the relevant API-command with SHA-1 authentication.

   Note

   Use minimal monetary units for amount (i.e. cent, penny etc. For amount of 0.94 USD value in signing string will be 94, for 10.15 USD value in signing string will be 1015)

   For example, parameters:

   endpointid=1111
   client_orderid=902B4FF5
   amount=10.42
   email=john.smith@gmail.com
   merchant_control=B17F59B4-A7DC-41B4-8FF9-37D986B43D20
   

   will be concatenated to the string:

   1111902B4FF51042john.smith@gmail.comB17F59B4-A7DC-41B4-8FF9-37D986B43D20
   

2. Sign the received string using SHA-1:

   Java SHA-1 Generation Example:

   package com.Solid Payments;
   
   import java.nio.charset.StandardCharsets;
   import java.security.MessageDigest;
   import java.security.NoSuchAlgorithmException;
   
   public class HashTextTest {
   
   /**
   * @param args
   * @throws NoSuchAlgorithmException
   */
   
      public static void main(String[] args) throws NoSuchAlgorithmException {
         System.out.println(sha1("test string to sha1"));
      }
   
      static String sha1(String input) throws NoSuchAlgorithmException {
         MessageDigest mDigest = MessageDigest.getInstance("SHA1");
         byte[] result = mDigest.digest(input.getBytes(StandardCharsets.UTF_8));
         StringBuilder sb = new StringBuilder();
         for (byte b : result) {
            sb.append(Integer.toString((b & 0xff) + 0x100, 16).substring(1));
         }
         return sb.toString();
      }
   }
   

   JavaScript SHA-1 Generation Example

   <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js"></script>
   <script type="text/javascript">
      var sha1value = CryptoJS.SHA1("test string to sha1");
   </script>
   

   Bash + openssl SHA-1 Generation Example

   echo -n "test string to sha1" | openssl dgst -sha1
   

   After that signature will look like this:

   c6bdd88a78834ef4b863b088827a459f039e8257
   

SHA1 Request Generation

To make request use generated signature as the value of parameter control in request body.

Example of Request:

Request method: POST
Request URI: https://gate.solidpayments.com/paynet/api/v2/sale/1111
Body: client_orderid=902B4FF5&order_desc=Test Order Description&first_name=John&last_name=Smith&ssn=1267&birthday=19820115&address1=100 Main st&city=Seattle&state=WA&zip_code=98102&country=US&phone=+12063582043&cell_phone=+19023384543&amount=10.42&email=john.smith@gmail.com&currency=USD&ipaddress=65.153.12.232&site_url=https://doc.solidpayments.com&credit_card_number=4538977399606732&card_printed_name=CARD HOLDER&expire_month=12&expire_year=2099&cvv2=123&purpose=user_account1&control=c6bdd88a78834ef4b863b088827a459f039e8257

Example of CURL Request:

curl --data "
   client_orderid=902B4FF5
   &order_desc=Test Order Description
   &first_name=John
   &last_name=Smith
   &ssn=1267
   &birthday=19820115
   &address1=100 Main st
   &city=Seattle
   &state=WA
   &zip_code=98102
   &country=US
   &phone=+12063582043
   &cell_phone=+19023384543
   &amount=10.42
   &email=john.smith@gmail.com
   &currency=USD
   &ipaddress=65.153.12.232
   &site_url=https://doc.solidpayments.com
   &credit_card_number=4538977399606732
   &card_printed_name=CARD HOLDER
   &expire_month=12
   &expire_year=2099
   &cvv2=123
   &purpose=user_account1
   &control=c6bdd88a78834ef4b863b088827a459f039e8257
" https://gate.solidpayments.com/paynet/api/v2/sale/1111