Webhooks
Code samples to generate and verify signature hash for the data received via Payment Status webhooks sent from PortOne servers.
- Golang
- PHP
- NodeJS
- C#
- Java
- Python
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
)
type WebhookResponseObj struct {
Currency string
Amount string
OrderRef string
MerchantOrderRef string
CountryCode string
ChannelOrderRef string
Status string
ChannelKey string
MethodName string
Signature string
}
func VerifySignature(webhookResponseObj WebhookResponseObj, secretKey string) bool {
params := make(url.Values)
params.Add("currency", webhookResponseObj.Currency)
params.Add("amount", webhookResponseObj.Amount)
params.Add("order_ref", webhookResponseObj.OrderRef)
params.Add("merchant_order_ref", webhookResponseObj.MerchantOrderRef)
params.Add("channel_order_ref", webhookResponseObj.ChannelOrderRef)
params.Add("country_code", webhookResponseObj.CountryCode)
params.Add("status", webhookResponseObj.Status)
params.Add("channel_key", webhookResponseObj.ChannelKey)
params.Add("method_name", webhookResponseObj.MethodName)
data = params.Encode()
secret := []byte(secretKey)
message := []byte(data)
hash := hmac.New(sha256.New, secret)
hash.Write(message)
hash_value := base64.StdEncodin.EncodeToString(hash.Sum(nil))
// compare this hash_value to one received in payment response
if hash_value != webhookResponseObj.Signature {
println("Hash verification failed, not from valid source")
return false
} else {
println("Hash verification succeded")
return true
}
}
<?php
function VerifySignature($webhookResponseObj, $secretKey) {
$data = array(
'currency' =>$webhookResponseObj.Currency,
'amount' => $webhookResponseObj.Amount,
'order_ref' => $webhookResponseObj.OrderRef,
'merchant_order_ref' => $webhookResponseObj.MerchantOrderRef,
'channel_order_ref'=> $webhookResponseObj.ChannelOrderRef,
'country_code' => $webhookResponseObj.CountryCode,
'status' => $webhookResponseObj.Status,
'channel_key' => $webhookResponseObj.ChannelKey,
'method_name' => $webhookResponseObj.MethodName
);
ksort($data);
$message = http_build_query($data);
$hash_value = base64_encode(hash_hmac('sha256', $message, $secretKey, true));
if($hash_value !== responseObj.Signature){
echo "Hash verification failed, not from valid source";
return false;
} else{
echo "Hash verification succeded";
return true;
}
}
?>
var url = require('url');
var crypto = require('crypto');
function VerifySignature(webhookResponseObj, secretKey) {
const params = new URLSearchParams();
params.append('currency', webhookResponseObj.Currency)
params.append('amount', webhookResponseObj.Amount)
params.append('order_ref', webhookResponseObj.OrderRef)
params.append('merchant_order_ref', webhookResponseObj.MerchantOrderRef)
params.append('channel_order_ref', webhookResponseObj.ChannelOrderRef)
params.append('country_code', webhookResponseObj.CountryCode)
params.append('status', webhookResponseObj.Status)
params.append('channel_key', webhookResponseObj.ChannelKey)
params.append('method_name', webhookResponseObj.MethodName)
params.sort();
var message = params.toString()
var hash_value = crypto.createHmac('sha256', secretKey).update(message).hash.digest('base64');
if(hash_value !== webhookResponseObj.signature_hash){
console.log("Hash verification failed, not from valid source")
return false;
} else{
console.log("Hash verification succeded")
return true;
}
}
using System;
using System.Security.Cryptography;
using System.Collections.Specialized;
class WebhookResponse {
string Currency,
string Amount,
string OrderRef,
string MerchantOrderRef,
string CountryCode,
string ChannelOrderRef,
string Status,
string ChannelKey,
string MethodName,
string Signature,
}
namespace Signature {
public class Signature {
private bool VerifySignature(WebhookResponse webhookResponse, string secret) {
NameValueCollection myCollection = System.Web.HttpUtility.ParseQueryString(string.Empty);
myCollection.Add("currency", webhookResponse.Currency);
myCollection.Add("amount", webhookResponse.Amount);
myCollection.Add("order_ref", webhookResponse.OrderRef);
myCollection.Add("merchant_order_ref", webhookResponse.MerchantOrderRef);
myCollection.Add("channel_order_ref", webhookResponse.ChannelOrderRef);
myCollection.Add("country_code", webhookResponse.CountryCode);
myCollection.Add("status", webhookResponse.Status);
myCollection.Add("channel_key", webhookResponse.ChannelKey);
myCollection.Add("method_name", webhookResponse.MethodName);
string message = myCollection.ToString();
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
var hmacsha256 = new HMACSHA256(keyByte);
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
string hash_value = Convert.ToBase64String(hashmessage);
if (hash_value !== webhookResponse.Signature) {
Console.WriteLine("Hash verification failed, not from valid source")
return false;
} else {
Console.WriteLine("Hash verification succeded")
return true;
}
}
}
}
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
class WebhookResponse {
string Currency,
string Amount,
string OrderRef,
string MerchantOrderRef,
string CountryCode,
string ChannelOrderRef,
string Status,
string ChannelKey,
string MethodName,
string Signature,
}
public class ApiSecurityExample {
public static String VerifySignature(WebhookResponse webhookResponse, String secret) {
StringBuilder stringBuilder = new StringBuilder();
Map < String, String > map;
map["currency"] = webhookResponse.Currency;
map["amount"] = webhookResponse.Amount;
map["order_ref"] = webhookResponse.OrderRef;
map["merchant_order_ref"] = webhookResponse.MerchantOrderRef;
map["channel_order_ref"] = webhookResponse.ChannelOrderRef;
map["country_code"] = webhookResponse.CountryCode;
map["status"] = webhookResponse.Status;
map["channel_key"] = webhookResponse.ChannelKey;
map["method_name"] = webhookResponse.ChannelKey;
for (String key: map.keySet()) {
if (stringBuilder.length() > 0) {
stringBuilder.append("&");
}
String value = map.get(key);
try {
stringBuilder.append((key != null ? URLEncoder.encode(key, "UTF-8") : ""));
stringBuilder.append("=");
stringBuilder.append(value != null ? URLEncoder.encode(value, "UTF-8") : "");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException("This method requires UTF-8 encoding support", e);
}
}
String message = stringBuilder.toString();
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
String hash_value = Base64.encodeBase64String(sha256_HMAC.doFinal(message.getBytes()));
if (hash_value !== webhookResponse.Signature) {
System.out.println("Hash verification failed, not from valid source")
return false;
} else {
System.out.println("Hash verification succeded")
return true;
}
}
}
#!/usr/bin/python
# -*- coding: utf-8 -*-
import urllib
import hashlib
import hmac
import base64
class WebhookResponseObj:
def __init__(self, Currency, Amount, OrderRef, MerchantOrderRef, CountryCode, ChannelOrderRef, Status, ChannelKey, MethodName, Signature):
# Instance Variable
self.Currency = Currency
self.Amount = Amount
self.OrderRef = OrderRef
self.MerchantOrderRef = MerchantOrderRef
self.CountryCode = CountryCode
self.ChannelOrderRef = ChannelOrderRef
self.Status = Status
self.ChannelKey = ChannelKey
self.MethodName = MethodName
self.Signature = Signature
def GenerateSignature(WebhookResponseObj, secretKey):
f = {
'currency': WebhookResponseObj.Currency,
'amount': WebhookResponseObj.Amount,
'order_ref': WebhookResponseObj.OrderRef,
'merchant_order_ref': WebhookResponseObj.MerchantOrderRef,
'channel_order_ref': WebhookResponseObj.ChannelOrderRef,
'country_code': WebhookResponseObj.CountryCode,
'status': WebhookResponseObj.Status,
'channel_key': WebhookResponseObj.ChannelKey,
'method_name': WebhookResponseObj.MethodName,
}
message1 = urllib.urlencode(f)
message = bytes(message1).encode('utf-8')
secret = bytes(secretKey).encode('utf-8')
signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
if (signature !== WebhookResponseObj.Signature) {
Print("Hash verification failed, not from valid source")
return false;
} else {
Print("Hash verification succeded")
return true;
}
Code samples to generate and verify signature hash for the data received via Payment Link Status webhooks sent from PortOne servers.
- Golang
- PHP
- NodeJS
- C#
- Java
- Python
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
)
type WebhookResponseObj struct {
Currency string
Amount string
LinkRef string
MerchantOrderRef string
CountryCode string
Status string
Signature string
}
func VerifySignature(webhookResponseObj WebhookResponseObj, secretKey string) bool {
params := make(url.Values)
params.Add("currency", webhookResponseObj.Currency)
params.Add("amount", webhookResponseObj.Amount)
params.Add("link_ref", webhookResponseObj.LinkRef)
params.Add("merchant_order_ref", webhookResponseObj.MerchantOrderRef)
params.Add("country_code", webhookResponseObj.CountryCode)
params.Add("status", webhookResponseObj.Status)
data = params.Encode()
secret := []byte(secretKey)
message := []byte(data)
hash := hmac.New(sha256.New, secret)
hash.Write(message)
hash_value := base64.StdEncodin.EncodeToString(hash.Sum(nil))
// compare this hash_value to one received in payment response
if hash_value != webhookResponseObj.Signature {
println("Hash verification failed, not from valid source")
return false
} else {
println("Hash verification succeded")
return true
}
}
<?php
function VerifySignature($webhookResponseObj, $secretKey) {
$data = array(
'currency' =>$webhookResponseObj.Currency,
'amount' => $webhookResponseObj.Amount,
'link_ref' => $webhookResponseObj.LinkRef,
'merchant_order_ref' => $webhookResponseObj.MerchantOrderRef,
'country_code' => $webhookResponseObj.CountryCode,
'status' => $webhookResponseObj.Status,
);
ksort($data);
$message = http_build_query($data);
$hash_value = base64_encode(hash_hmac('sha256', $message, $secretKey, true));
if($hash_value !== responseObj.Signature){
echo "Hash verification failed, not from valid source";
return false;
} else{
echo "Hash verification succeded";
return true;
}
}
?>
var url = require('url');
var crypto = require('crypto');
function VerifySignature(webhookResponseObj, secretKey) {
const params = new URLSearchParams();
params.append('currency', webhookResponseObj.Currency)
params.append('amount', webhookResponseObj.Amount)
params.append('link_ref', webhookResponseObj.LinkRef)
params.append('merchant_order_ref', webhookResponseObj.MerchantOrderRef)
params.append('country_code', webhookResponseObj.CountryCode)
params.append('status', webhookResponseObj.Status)
params.sort();
var message = params.toString()
var hash_value = crypto.createHmac('sha256', secretKey).update(message).hash.digest('base64');
if(hash_value !== webhookResponseObj.signature_hash){
console.log("Hash verification failed, not from valid source")
return false;
} else{
console.log("Hash verification succeded")
return true;
}
}
using System;
using System.Security.Cryptography;
using System.Collections.Specialized;
class WebhookResponse {
string Currency,
string Amount,
string LinkRef,
string MerchantOrderRef,
string CountryCode,
string Status,
string Signature,
}
namespace Signature {
public class Signature {
private bool VerifySignature(WebhookResponse webhookResponse, string secret) {
NameValueCollection myCollection = System.Web.HttpUtility.ParseQueryString(string.Empty);
myCollection.Add("currency", webhookResponse.Currency);
myCollection.Add("amount", webhookResponse.Amount);
myCollection.Add("link_ref", webhookResponse.LinkRef);
myCollection.Add("merchant_order_ref", webhookResponse.MerchantOrderRef);
myCollection.Add("country_code", webhookResponse.CountryCode);
myCollection.Add("status", webhookResponse.Status);
string message = myCollection.ToString();
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
var hmacsha256 = new HMACSHA256(keyByte);
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
string hash_value = Convert.ToBase64String(hashmessage);
if (hash_value !== webhookResponse.Signature) {
Console.WriteLine("Hash verification failed, not from valid source")
return false;
} else {
Console.WriteLine("Hash verification succeded")
return true;
}
}
}
}
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
class WebhookResponse {
string Currency,
string Amount,
string LinkRef,
string MerchantOrderRef,
string CountryCode,
string Status,
string Signature,
}
public class ApiSecurityExample {
public static String VerifySignature(WebhookResponse webhookResponse, String secret) {
StringBuilder stringBuilder = new StringBuilder();
Map < String, String > map;
map["currency"] = webhookResponse.Currency;
map["amount"] = webhookResponse.Amount;
map["link_ref"] = webhookResponse.LinkRef;
map["merchant_order_ref"] = webhookResponse.MerchantOrderRef;
map["country_code"] = webhookResponse.CountryCode;
map["status"] = webhookResponse.Status;
for (String key: map.keySet()) {
if (stringBuilder.length() > 0) {
stringBuilder.append("&");
}
String value = map.get(key);
try {
stringBuilder.append((key != null ? URLEncoder.encode(key, "UTF-8") : ""));
stringBuilder.append("=");
stringBuilder.append(value != null ? URLEncoder.encode(value, "UTF-8") : "");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException("This method requires UTF-8 encoding support", e);
}
}
String message = stringBuilder.toString();
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
String hash_value = Base64.encodeBase64String(sha256_HMAC.doFinal(message.getBytes()));
if (hash_value !== webhookResponse.Signature) {
System.out.println("Hash verification failed, not from valid source")
return false;
} else {
System.out.println("Hash verification succeded")
return true;
}
}
}
#!/usr/bin/python
# -*- coding: utf-8 -*-
import urllib
import hashlib
import hmac
import base64
class WebhookResponseObj:
def __init__(self, Currency, Amount, LinkRef, MerchantOrderRef, CountryCode, Status, Signature):
# Instance Variable
self.Currency = Currency
self.Amount = Amount
self.LinkRef = LinkRef
self.MerchantOrderRef = MerchantOrderRef
self.CountryCode = CountryCode
self.Status = Status
self.Signature = Signature
def GenerateSignature(WebhookResponseObj, secretKey):
f = {
'currency': WebhookResponseObj.Currency,
'amount': WebhookResponseObj.Amount,
'link_ref': WebhookResponseObj.LinkRef,
'merchant_order_ref': WebhookResponseObj.MerchantOrderRef,
'country_code': WebhookResponseObj.CountryCode,
'status': WebhookResponseObj.Status,
}
message1 = urllib.urlencode(f)
message = bytes(message1).encode('utf-8')
secret = bytes(secretKey).encode('utf-8')
signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
if (signature !== WebhookResponseObj.Signature) {
Print("Hash verification failed, not from valid source")
return false;
} else {
Print("Hash verification succeded")
return true;
}