Sign Token

Sign Token используется для обеспечения целостности запроса.

Подпись формируется

Для запроса - при объединении запроса и пути запроса с параметрами
Для ответа - только тело ответа

после чего выполняется хэширование с использованием алгоритма HMAC SHA-256 и секрета Sign Token

Пример:

Запрос

{
    "hmId":"0c3a5f71-8fc1-4dde-8f75-38d04730680f",
    "amount":"1500.00",
    "currency":"RUB",
    "currencyRate":"97.34",
}/hm/v1/payments/card

Ответ

{
    "id": "payment-id-123",
    "cardNumber": "123123123",
    "owner": "John Doe",
    "bankName": "BankOfAmerica"
}

Примеры кода для создания подписи запроса:

import hashlib
import hmac
from urllib.parse import urlparse

def calculate_request_signature(url: str, request_json: str, secret: str) -> str:
    parsed_url = urlparse(url)
    signature_string = request_json + parsed_url.path + parsed_url.query
    
    signature = hmac.new(secret.encode('utf-8'), signature_string.encode('utf-8'), hashlib.sha256).hexdigest()

    return signature


def calculate_response_signature(response_json: str, secret: str) -> str:
    signature = hmac.new(secret.encode('utf-8'), response_json.encode('utf-8'), hashlib.sha256).hexdigest()

    return signature

request = """{
    "hmId":"0c3a5f71-8fc1-4dde-8f75-38d04730680f",
    "amount":"1500.00",
    "currency":"RUB",
    "currencyRate":"97.34"
}"""

url = "https://example.com/hm/v1/payments/card"

secret = "secret-key"

print(calculate_request_signature(url, request, secret))

response = """{
    "id": "payment-id-123",
    "cardNumber": "123123123",
    "owner": "John Doe",
    "bankName": "BankOfAmerica"
}"""

print(calculate_response_signature(response, secret))

function calculateSignature($url, $requestJson, $secret) {
    $signatureString = $requestJson.parse_url($url, PHP_URL_PATH).parse_url($url, PHP_URL_QUERY)
    $signature = hash_hmac('sha256', $signatureString, $secret);
    return $signature;
}

const crypto = require('crypto');
function calculateSignature(url, requestJson, secret) {
 const signatureString = requestJson + url.pathname + url.search;
 const hmac = crypto.createHmac('sha256', secret);
 hmac.update(signatureString);
 return hmac.digest('hex');
}

using System.Security.Cryptography;

public string CalculateSignature(string url, string requestJson, string secret)
{
    string signatureString = requestJson + url;

    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
    {
        byte[] hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(signatureString));
        return Convert.ToBase64String(hashBytes);
    }
}

import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.codec.binary.Hex;
import java.net.URI;
import java.nio.charset.StandardCharsets;


public String calculateSignature(URI url, String requestJson, String secret) {
   String signatureString = requestJson + url.getPath() + url.getQuery();

   byte[] hmacSha256 = HmacUtils.hmacSha256(secret.getBytes(StandardCharsets.UTF_8), signatureString);
   
   return Hex.encodeHexString(hmacSha256);

}

PreviousAuth Token NextЗаявки на ввод

Last updated 7 months ago