OPay API Signature

Signature authentication ensures the highest level of security for your payment creation requests. Not only does it provide a secure authentication mechanism, but also it ensures the integrity of your request payload, that is the content of your request payload has not been altered since it was transmitted from your side. OPay signatures are calculated using HMAC-SH512 applied to payload and signed with your secret key.

Your public key should be used for authorization header of the following API calls:

  1. Cashier Payment Status
  2. Cashier Payment Refund
  3. Cashier Refund Status
  4. Cashier Payment Close
  5. Cashier Reversal Status

API Signature Calculator

The authorization header of API requests that require signature authentication should contain your HMAC-SHA512 signature of your payload signed using your secret key and merchant ID.

                   
                       Authorization: Bearer {signature}
                       MerchantId   : 256612345678901
                   
                

The following section helps you generate a signature from the HMAC computation of the private key and request payload.

Enter your OPay Secret Key
Enter OPay API Payload

Sample Code

For an appropriate generation for the required HMAC SHA-512 signature, you need to:

  1. Sort your request payload JSON according to the alphabetical order of the request keys.
  2. Sign the sorted JSON with your secret key using HMAC SHA-512 algorithm.

The following code snippet helps you generate the HMAC SHA-512 signature required for OPay APIs can be found below:

                    
                        // This snippet requires jsSHA javascript library
                        function isJson(str) {
                            try {
                                JSON.parse(str);
                            } catch (e) {
                                return false;
                            }
                            return true;
                        }
                        function sort(value){
                            if(typeof value == 'object'){
                                if(value.constructor===Array){
                                    const arr = [];
                                    value.forEach((item)=>{arr.push(sort(item))})
                                    return arr;
                                }else if(value.constructor===Object){
                                    const ordered = Object.keys(value).sort().reduce(
                                        (obj, key) => {
                                            obj[key] = sort(value[key]);
                                            return obj;
                                        },
                                        {}
                                    );
                                    return ordered;
                                }

                            }
                            return value;
                        }
                        function generateSignature()
                        {
                            let secret_key = document.getElementById('signature-secret').value;
                            let payload = document.getElementById('notification-callback-payload').value;
                            let sorted_payload = document.getElementById('sorted-callback-payload');
                            let generated_signature = document.getElementById('generated_signature');
                            let payload_json = "";
                            let ordered = "";

                            if(isJson(payload.toString()))
                            {
                                 payload_json = JSON.parse(payload);
                                 const ordered_payload =sort(payload_json);
                                 ordered = JSON.stringify(ordered_payload);
                                 sorted_payload.value = JSON.stringify(ordered_payload, undefined, 4);
                                 const hash = new jsSHA("SHA-512" , "TEXT", { hmacKey: { value: secret_key.toString() , format: "TEXT" } });
                                 hash.update(ordered);
                                 generated_signature.value = hash.getHash("HEX");
                            }
                            else
                            {
                                alert('Please enter the correct JSON format');
                            }
                        }
                    
                

See Also

User Profile 12 messages

James Jones
Application Developer
Recent Notifications
Another purpose persuade Due in 2 Days
+28%
Would be to people Due in 2 Days
+50%
-27%
The best product Due in 2 Days
+8%