Computing the IPN signature
The signature is computed by following the same logic as for creating the payment request.
The data submitted by the payment gateway is encoded in UTF-8. Any alteration of received data will result in signature computation error.
You must compute the signature with the fields received in the notification and not the ones that you transmitted in the payment request.
- Take all the fields whose name starts with vads_.
- Sort these fields alphabetically.
- Concatenate the values of these fields separating them with the "+” character.
- Concatenate the result with the test orproduction key separating them with the "+” characte.
Examples in PHP:
function getSignature ($params,$key)
{
/**
*Function that computes the signature.
* $params: table containing the fields received in the IPN.
* $key : TEST or PRODUCTION key
*/
//Initialization of the variable that will contain the string to encrypt
$signature_contents = "";
//Sorting fields alphabetically
ksort($params);
foreach($params as $name=>$value){
//Recovery of vads_ fields
if (substr($name,0,5)=='vads_'){
//Concatenation with "+"
$signature_contents .= $value."+";
}
}
//Adding the key at the end
$signature_contents .= $key;
//Encoding base64 encoded chain with HMAC-SHA-256 algorithm
$sign = base64_encode(hash_hmac('sha256',$signature_contents, $key, true));
return $sign;
}