Signing mechanism

All requests and responses must be signed/verified using HMAC-SHA256 where:

key is a value known to both the merchant and PayCertify. This is the “Password” field for the merchant that PayCertify provides.

message is a string of all key-value pairs that start with x_ prefix, sorted alphabetically, and concatenated without separators.

Assuming your HMAC key is “iU21RWxcec”, the signing mechanisms would look like this:

fields = {x_account_id: '064BDCCB1F7A8835A468081753A633CA0B679FC76', x_amount: 89.99, x_currency: 'USD', x_gateway_reference: '123', x_reference: "19783", x_result: "completed", x_test: "true",  x_timestamp: '2019-08-18T12:15:41Z'}
=> {:x_account_id=>"064BDCCB1F7A8835A468081753A633CA0B679FC76", :x_amount=>89.99, :x_currency=>"USD", :x_gateway_reference=>"123", :x_reference=>"19783", :x_result=>"completed", :x_test=>"true", :x_timestamp=>"2019-08-18T12:15:41Z"}
message = fields.sort.join
=> "x_account_id064BDCCB1F7A8835A468081753A633CA0B679FC76x_amount89.99x_currencyUSDx_gateway_reference123x_reference19783x_resultcompletedx_testtruex_timestamp2019-08-18T12:15:41Z"
OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), 'iU21RWxcec', message)
=> "b4a5803453ab83d2cf3e68ad1e353c087c029b8c764e74bababd1a9f8aa3260f"

"x_signature=b4a5803453ab83d2cf3e68ad1e353c087c029b8c764e74bababd1a9f8aa3260f"

fields = {x_account_id:’56DCF309AD9A7D2D1B91883FEFAB1E6BEDA7B647’, x_customer_state:’FL’, x_customer_last_name:’Zommick’, x_customer_first_name:’Jordan’, x_customer_country:’us’, x_customer_address:’1153 Industrial Loop South’, x_customer_city:’Orange Park’, x_customer_email:’[email protected]’, x_amount: 231.78, x_currency: ‘USD’, x_reference:’5892595’, x_url_complete:’http://local.test/?action=payment_system_paycertify&cid=223&subaction=confirm&siteType=17&tm=1&lang=&place=shop’, x_test: ‘true’, x_url_cancel:’http://local.test/?action=payment_system_paycertify&cid=223&subaction=cancel&siteType=17&tm=1&lang=&place=shop’, x_customer_zip:’32073’}