The smarter way
Search
K

Hash Signature

Hashing is the process of converting an input of any length into a fixed sized string of text involving a mathematical function, this generates an array of letters and number through an algorithm.

Hashing process key features

Represent data as a short string.
  • Impossible to recover the data from the produced hashing output.
  • Verify the downloaded document.
  • Using for digital signature (authentication, non-repudiation and integrity).

Hash-signature

Digital signature can be generated, when hashes with asymmetric encryption were combined. This provides:
Integrity: The message was received is the same message that originally was sent. Authentication: The message which received is really sent by sender. Non-repudiation: The received message is not fake or provide by third party.
Ottu using hash-signature to support the security and trustability, by hashing part of the payload parameters and send hash-signature with every payload. This allows Ottu to ensure the data has not modified or cut within the payment transition process.
SHA256
amount
currency_code
customer_first_name
customer_last_name
customer_email
customer_phone
customer_address_line1
customer_address_line2
customer_address_city
customer_address_state
customer_address_country
customer_address_postal_code
gateway_name
gateway_account
order_no
reference_number
result
state
Ottu using the key defined by the merchant.
Fill the Key field and click save.
In order to ensure that the hashing is completed properly, Ottu uses a signing API. Signing API should be limited to validation of implementation, not signing of responses.

End point {ottu_host}/b/pbl/v2/sign
Request body
{
"amount":"86.00",
"currency_code":"KWD",
"customer_first_name":"kenana"
}
Response body
{
"signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}

Hash-signature (developing side)

Hashing KEY=3323232
our key: 3323232
message-before---->:
[('amount', '86.00'),
('currency_code', 'KWD'), ('customer_first_name', 'kenana')]
message-after-----> amount86.00currency_codeKWDcustomer_first_namekenana
------- HASHING IS DONE ----------
Out[2]: ('5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a')

Hash-signature (Ottu Signing API)

Hashing KEY=3323232
End point {ottu_host}/b/pbl/v2/sign
Request body
{
"amount":"86.00",
"currency_code":"KWD",
"customer_first_name":"kenana"
}
Response body
{
"signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}
The generated hash-signature by two sides are exactly the same.

Hash-signature (developing side)

Hashing KEY=3323232
our key: 3323232
message-before---->:
[('amount', '86.00'),
('currency_code', 'KWD'), ('customer_first_name', 'kenana')]
message-after-----> amount86.00currency_codeKWDcustomer_first_namekenana
------- HASHING IS DONE ----------
Out[2]: ('5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a')

Hash-signature (Ottu Signing API)

Hashing KEY=1234 From the merchant dashboard administration panel, change the Hashing KEY to 1234
Request body
{
"amount":"86.00",
"currency_code":"KWD",
"customer_first_name":"kenana"
}
Response body
{
"signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}
The generated hash-signatures by two sides are not the same.
Ottu enables merchant(s) to determine the IP list for accessing the API.
Check Enable API, and fill the IP address, then click save button.
In conjunction with the payment transaction type, the whitelisting IP address should be applied to the checkout API. For instance, type of payment transaction is ecommerce.
Fill the IP address, then click save button.
Last modified 1yr ago