Skip to main content

About the signature

In Amanpay, digital signatures are used to ensure payment security. That is why it's required that you always add the signature to your requests and be able to verify signatures in responses and callbacks from Amanpay.

The signature is placed in the Authorization header of a request and represents a SHA-512 hash generated from request parameter values and your secret key.

curl -X POST "https://gateway.amanpay.io/payments/purchases/status" \
  -H "Content-Type: application/json" \
  -H "Authorization: 58394ddf08b6851a30e1063758d20610c35282b4751c1c1beacbcd7e991e120135826ad877fb9fff64eb4b6402f4fc274ce7f5f1f03b93b028758ecde631e102" \
  -d '{
    "merchantId": 1758378,
    "paymentId": "payment_812"
}'

Signature generation

Before generating the signature for requests to the Amanpay payment platform, make sure you got your secret key from your account manager at Amanpay.

To sign a request to be sent to the Amanpay payment platform:

  1. Among the parameters of your request, select the parameters necessary for generating the signature and place them in the required order:
  2. Create a string of the parameter values and add your secret key to it.
  3. Calculate a hash for the string using SHA-512.
  4. Use the output in the Authorization header.

Zeros in the decimal part of a payment amount must be also included in a string when generating the signature for requests.

Here is an example of a string of parameter values used for generating the signature: 250.00BDT1758378payment_812mysecretkey

Example of signing a purchase request

Here is a step-by-step description of how to sign a purchase request as follows:

{
    "merchantId": 1758378,
    "paymentId": "payment_812",
    "amount": 250.00,
    "currency": "BDT",
    "customerId": "customer174",
    "customerEmail": "mark_cooper@example.com"
}
  1. Selecting the parameters required for generating the signature and placing them in the required order. 
    {
        "amount": 250.00,
        "currency": "BDT",
        "merchantId": 1758378,
        "paymentId": "payment_812"
    }
  2. Creating a string of the parameter values and adding a secret key to it. In the following example, mysecretkey is used as the secret key. 
    250.00BDT1758378payment_812mysecretkey
  3. Calculating a hash for the string using SHA-512. 
    faeda7704f887f7b6772c7f7888da1630c0421f933b4c3ad3e4be0d6489d576a77a6c77e2846b889334027a27a38635196342dcabac0352dd1c2d75d51a1250b
  4. Placing the output in the Authorization header. 
    curl -X POST "https://gateway.amanpay.io/payments/purchases/initiate" \
      -H "Content-Type: application/json" \
      -H "Authorization: faeda7704f887f7b6772c7f7888da1630c0421f933b4c3ad3e4be0d6489d576a77a6c77e2846b889334027a27a38635196342dcabac0352dd1c2d75d51a1250b" \
      -d '{
        "merchantId": 1758378,
        "paymentId": "payment_812",
        "amount": 250.00,
        "currency": "BDT",
        "customerId": "customer174",
        "customerEmail": "mark_cooper@example.com"
      }'

Signature verification

To verify a digital signature received in a response or callback from Amanpay:

  1. Among the parameters of a response or callback, select the parameters: amount, currency, paymentId, transactionId, status.
  2. Place the parameters in the following order: amount, currency, your merchantId, paymentId, transactionId, status.
  3. Create a string of the parameter values and add your secret key to it.
  4. Calculate a hash for the string using SHA-512.
  5. Compare the output with the signature that Amanpay sent you in the response or callback.

If the signature calculated in your system and the signature in the response or callback from Amanpay don't align, reach out to the Amanpay support team.

Have questions about signature generation and verification? Please contact us at support@amanpay.io.