Hash Signature

Hash-signature

What is hashing

Hashing is the process of converting an input of any length into a fixed sized string of text involving a mathematical function, this generates an array of letters and number through an algorithm.

Hashing process key features

Represent data as a short string.

  • Impossible to recover the data from the produced hashing output.

  • Verify the downloaded document.

  • Using for digital signature (authentication, non-repudiation and integrity).

Hash-signature

Digital signature can be generated, when hashes with asymmetric encryption were combined. This provides:

Integrity: The message was received is the same message that originally was sent. Authentication: The message which received is really sent by sender. Non-repudiation: The received message is not fake or provide by third party.

Ottu hash-signature

Ottu using hash-signature to support the security and trustability, by hashing part of the payload parameters and send hash-signature with every payload. This allows Ottu to ensure the data has not modified or cut within the payment transition process.

Algorithm used

SHA256

Fields used

amount

currency_code

customer_first_name

customer_last_name

customer_email

customer_phone

customer_address_line1

customer_address_line2

customer_address_city

customer_address_state

customer_address_country

customer_address_postal_code

gateway_name

gateway_account

order_no

reference_number

result

state

Ottu hash-signature key

Ottu using the key defined by the merchant.

Fill the Key field and click save.

Ottu signing API

In order to ensure that the hashing is completed properly, Ottu uses a signing API. Signing API should be limited to validation of implementation, not signing of responses.

End point {ottu_host}/b/pbl/v2/sign

Request body

{
   "amount":"86.00",
   "currency_code":"KWD",
   "customer_first_name":"kenana"
}

Response body

{
   "signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}

Implementation (Hash-signature)

Same hashing key

Hash-signature (developing side)

Hashing KEY=3323232

our key: 3323232
message-before---->:
 [('amount', '86.00'), 
('currency_code', 'KWD'), ('customer_first_name', 'kenana')]
message-after-----> amount86.00currency_codeKWDcustomer_first_namekenana

------- HASHING IS DONE ----------
Out[2]: ('5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a')

Hash-signature (Ottu Signing API)

Hashing KEY=3323232

End point {ottu_host}/b/pbl/v2/sign

Request body

{
   "amount":"86.00",
   "currency_code":"KWD",
   "customer_first_name":"kenana"
}

Response body

{
   "signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}

The generated hash-signature by two sides are exactly the same.

Different hashing key

Hash-signature (developing side)

Hashing KEY=3323232

our key: 3323232
message-before---->:
 [('amount', '86.00'), 
('currency_code', 'KWD'), ('customer_first_name', 'kenana')]
message-after-----> amount86.00currency_codeKWDcustomer_first_namekenana

------- HASHING IS DONE ----------
Out[2]: ('5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a')

Hash-signature (Ottu Signing API)

Hashing KEY=1234 From the merchant dashboard administration panel, change the Hashing KEY to 1234

Request body

{
   "amount":"86.00",
   "currency_code":"KWD",
   "customer_first_name":"kenana"
}

Response body

{
   "signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}

The generated hash-signatures by two sides are not the same.

API whitelisting

Ottu enables merchant(s) to determine the IP list for accessing the API.

Check Enable API, and fill the IP address, then click save button.

In conjunction with the payment transaction type, the whitelisting IP address should be applied to the checkout API. For instance, type of payment transaction is ecommerce.

Fill the IP address, then click save button.

PreviousTest Cards

Last updated