Dark Mode

Generate Signature


Use case

There are two use kind of signature to be generated, one is to obtain access token, and another is for transaction which then encrypted using private/public key pair merchant generated previously.

Generate Signature To Obtain Access Token (B2B)

You can find the required structure of the string to be encrypted as below:

<X-CLIENT-KEY> | <X-TIMESTAMP> (on ISO8601 format)

which then signed using SHA256withRSA with Private/Public Key pair merchant has generated.

Example: merchant_client_key|2024-05-13T14:53:06.991+07:00

Final Result: X-Signature: aw3o6HM68vJDLO4nxAPgK0it5nd6zik3bUgMzqLiTrIB7w1QbnCLDo/IMVjaYsbPk9s=

Generate Signature For Transaction API

You can find the required structure of the string to be encrypted as below:

<HTTP METHOD> + ":" + <RELATIVE PATH URL> + ":" + <B2B ACCESS TOKEN> + ":" + LowerCase(HexEncode(SHA-256(Minify(<HTTP BODY>)))) + ":" + <X-TIMESTAMP>

which then encrypted using HMAC-SHA512 with merchant's secret key that Durianpay sent and encoded to Base64 format.

Example: POST:/v1.0/balance-inquiry:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZXkiLC:f806c49e8cd175aa9dd5dd8e0a49648c885954d:2024-05-13T15:07:07+07:00

Final Result: X-Signature: tnNHFw5ZCWjnHFd9UGAB5iDLuwo+89efml8F1CP8vaqut/PfNWac/XLiCkLt3zGHTppZKPxz/PPptqM2alsOFA==