Integrity

OxPay ensures the integrity with a cryptographically generated signature. Merchants need to sign the payload using the Sign Key and create a signature.

Prepare Signature

Python

Python version : 3.11.7

import json
import hashlib
import hmac
    
sign_key = '<SIGN_KEY>'.encode()

def reformat_json(json_string: str) -> str:
    """
    Remove all line breaks and whitespaces only in the structure (does not apply to data in the payload). Do not change the original order. You can refer following example code 
    """
    data_json = json.loads(json_string)
    return json.dumps(data_json, separators=(",", ":"))

json_string = """{
    "field_one": "value one",
    "field_three": "value three",
    "field_two": "value two"
}"""

reformatted_json_string = reformat_json(json_string)

signature = hmac.new(sign_key, reformatted_json_string, hashlib.sha256).hexdigest()

print(signature)

Java

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

public class Main {
    public static void main(String[] args) {
        String signKey = "<SIGN_KEY>";
        String jsonInput = """
                {
                    "field_one": "value one",
                    "field_three": "value three",
                    "field_two": "value two"
                }""";

        String reformattedJsonString = reformatJson(jsonInput);
        String signature = generateHmacSignature(signKey, reformattedJsonString);

        System.out.println(signature);
    }

    private static String reformatJson(String jsonInput) {
        try {
            ObjectMapper mapper = new ObjectMapper();
            JsonNode jsonNode = mapper.readTree(jsonInput);
            return mapper.writeValueAsString(jsonNode);
        } catch (JsonProcessingException e) {
            e.printStackTrace();
            return "";
        }
    }

    private static String generateHmacSignature(String signKey, String data) {
        try {
            Mac sha256Hmac = Mac.getInstance("HmacSHA256");
            SecretKeySpec secretKey = new SecretKeySpec(signKey.getBytes(), "HmacSHA256");
            sha256Hmac.init(secretKey);

            byte[] hmacBytes = sha256Hmac.doFinal(data.getBytes());
            StringBuilder hexStringBuilder = new StringBuilder();

            for (byte b : hmacBytes) {
                hexStringBuilder.append(String.format("%02x", b));
            }

            return hexStringBuilder.toString();
        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
            e.printStackTrace();
            return "";
        }
    }
}

PHP

$signKey = '<SIGN_KEY>';
$jsonString = '{
    "field_one": "value one",
    "field_three": "value three",
    "field_two": "value two"
}';

$reformattedJsonString = reformatJson($jsonString);
$signature = generateHmacSignature($signKey, $reformattedJsonString);

echo $signature;

function reformatJson($jsonString) {
    $data = json_decode($jsonString);
    return json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
}

function generateHmacSignature($signKey, $data) {
    $hash = hash_hmac('sha256', $data, $signKey, true);
    return bin2hex($hash);
}