Generate Signature
Use case
There are two use kind of signature to be generated, one is to obtain access token, and another is for transaction which then encrypted using private/public key pair merchant generated previously.
Generate Signature To Obtain Access Token (B2B)
You can find the required structure of the string to be encrypted as below:
<X-CLIENT-KEY> | <X-TIMESTAMP>
(on ISO8601 format)
which then signed using SHA256withRSA
with Private/Public Key pair merchant has generated.
Example:
merchant_client_key|2024-05-13T14:53:06.991+07:00
Final Result: X-Signature: aw3o6HM68vJDLO4nxAPgK0it5nd6zik3bUgMzqLiTrIB7w1QbnCLDo/IMVjaYsbPk9s=
Generate Signature For Transaction API
You can find the required structure of the string to be encrypted as below:
<HTTP METHOD> + ":" + <RELATIVE PATH URL> + ":" + <B2B ACCESS TOKEN> + ":" + LowerCase(HexEncode(SHA-256(Minify(<HTTP BODY>)))) + ":" + <X-TIMESTAMP>
which then encrypted using HMAC-SHA512
with merchant's secret key that Durianpay sent and encoded to Base64
format.
Example: POST:/v1.0/balance-inquiry:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZXkiLC:f806c49e8cd175aa9dd5dd8e0a49648c885954d:2024-05-13T15:07:07+07:00
Final Result: X-Signature: tnNHFw5ZCWjnHFd9UGAB5iDLuwo+89efml8F1CP8vaqut/PfNWac/XLiCkLt3zGHTppZKPxz/PPptqM2alsOFA==