Sign Token

Sign Token используется для обеспечения целостности запроса.

Подпись формируется

Для запроса - при объединении запроса и пути запроса с параметрами
Для ответа - только тело ответа

после чего выполняется хэширование с использованием алгоритма HMAC SHA-256 и секрета Sign Token

Пример:

Запрос

{
    "hmId":"0c3a5f71-8fc1-4dde-8f75-38d04730680f",
    "amount":"1500.00",
    "currency":"RUB",
    "currencyRate":"97.34",
}/hm/v1/payments/card

Ответ

{
    "id": "payment-id-123",
    "cardNumber": "123123123",
    "owner": "John Doe",
    "bankName": "BankOfAmerica"
}

Примеры кода для создания подписи запроса:

import hashlib
import hmac
from urllib.parse import urlparse

def calculate_request_signature(url: str, request_json: str, secret: str) -> str:
    parsed_url = urlparse(url)
    signature_string = request_json + parsed_url.path + parsed_url.query
    
    signature = hmac.new(secret.encode('utf-8'), signature_string.encode('utf-8'), hashlib.sha256).hexdigest()

    return signature


def calculate_response_signature(response_json: str, secret: str) -> str:
    signature = hmac.new(secret.encode('utf-8'), response_json.encode('utf-8'), hashlib.sha256).hexdigest()

    return signature

request = """{
    "hmId":"0c3a5f71-8fc1-4dde-8f75-38d04730680f",
    "amount":"1500.00",
    "currency":"RUB",
    "currencyRate":"97.34"
}"""

url = "https://example.com/hm/v1/payments/card"

secret = "secret-key"

print(calculate_request_signature(url, request, secret))

response = """{
    "id": "payment-id-123",
    "cardNumber": "123123123",
    "owner": "John Doe",
    "bankName": "BankOfAmerica"
}"""

print(calculate_response_signature(response, secret))

function calculateSignature($url, $requestJson, $secret) {
    $signatureString = $requestJson.parse_url($url, PHP_URL_PATH).parse_url($url, PHP_URL_QUERY)
    $signature = hash_hmac('sha256', $signatureString, $secret);
    return $signature;
}

const crypto = require('crypto');
function calculateSignature(url, requestJson, secret) {
 const signatureString = requestJson + url.pathname + url.search;
 const hmac = crypto.createHmac('sha256', secret);
 hmac.update(signatureString);
 return hmac.digest('hex');
}

using System.Security.Cryptography;

public string CalculateSignature(string url, string requestJson, string secret)
{
    string signatureString = requestJson + url;

    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
    {
        byte[] hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(signatureString));
        return Convert.ToBase64String(hashBytes);
    }
}

import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.codec.binary.Hex;
import java.net.URI;
import java.nio.charset.StandardCharsets;


public String calculateSignature(URI url, String requestJson, String secret) {
   String signatureString = requestJson + url.getPath() + url.getQuery();

   byte[] hmacSha256 = HmacUtils.hmacSha256(secret.getBytes(StandardCharsets.UTF_8), signatureString);
   
   return Hex.encodeHexString(hmacSha256);

}

PreviousAuth Token NextЗаявки на ввод

Last updated 5 months ago

import hashlib import hmac from urllib.parse import urlparse def calculate_request_signature(url: str, request_json: str, secret: str) -> str: parsed_url = urlparse(url) signature_string = request_json + parsed_url.path + parsed_url.query signature = hmac.new(secret.encode('utf-8'), signature_string.encode('utf-8'), hashlib.sha256).hexdigest() return signature def calculate_response_signature(response_json: str, secret: str) -> str: signature = hmac.new(secret.encode('utf-8'), response_json.encode('utf-8'), hashlib.sha256).hexdigest() return signature request = """{ "hmId":"0c3a5f71-8fc1-4dde-8f75-38d04730680f", "amount":"1500.00", "currency":"RUB", "currencyRate":"97.34" }""" url = "https://example.com/hm/v1/payments/card" secret = "secret-key" print(calculate_request_signature(url, request, secret)) response = """{ "id": "payment-id-123", "cardNumber": "123123123", "owner": "John Doe", "bankName": "BankOfAmerica" }""" print(calculate_response_signature(response, secret))

function calculateSignature($url, $requestJson, $secret) { $signatureString = $requestJson.parse_url($url, PHP_URL_PATH).parse_url($url, PHP_URL_QUERY) $signature = hash_hmac('sha256', $signatureString, $secret); return $signature; }

const crypto = require('crypto'); function calculateSignature(url, requestJson, secret) { const signatureString = requestJson + url.pathname + url.search; const hmac = crypto.createHmac('sha256', secret); hmac.update(signatureString); return hmac.digest('hex'); }

using System.Security.Cryptography; public string CalculateSignature(string url, string requestJson, string secret) { string signatureString = requestJson + url; using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret))) { byte[] hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(signatureString)); return Convert.ToBase64String(hashBytes); } }

import org.apache.commons.codec.digest.HmacUtils; import org.apache.commons.codec.binary.Hex; import java.net.URI; import java.nio.charset.StandardCharsets; public String calculateSignature(URI url, String requestJson, String secret) { String signatureString = requestJson + url.getPath() + url.getQuery(); byte[] hmacSha256 = HmacUtils.hmacSha256(secret.getBytes(StandardCharsets.UTF_8), signatureString); return Hex.encodeHexString(hmacSha256); }