OPay API Signature
Signature authentication ensures the highest level of security for your payment creation requests. Not only does it provide a secure authentication mechanism, but also it ensures the integrity of your request payload, that is the content of your request payload has not been altered since it was transmitted from your side. OPay signatures are calculated using HMAC-SH512 applied to payload and signed with your secret key.
Your public key should be used for authorization header of the following API calls:
API Signature Calculator
The authorization header of API requests that require signature authentication should contain your HMAC-SHA512 signature of your payload signed using your secret key and merchant ID.
Authorization: Bearer {signature}
MerchantId : 256612345678901
The following section helps you generate a signature from the HMAC computation of the private key and request payload.
Sample Code
For an appropriate generation for the required HMAC SHA-512 signature, you need to:
- Sort your request payload JSON according to the alphabetical order of the request keys.
- Sign the sorted JSON with your secret key using HMAC SHA-512 algorithm.
The following code snippet helps you generate the HMAC SHA-512 signature required for OPay APIs can be found below:
// This snippet requires jsSHA javascript library
function isJson(str) {
try {
JSON.parse(str);
} catch (e) {
return false;
}
return true;
}
function sort(value){
if(typeof value == 'object'){
if(value.constructor===Array){
const arr = [];
value.forEach((item)=>{arr.push(sort(item))})
return arr;
}else if(value.constructor===Object){
const ordered = Object.keys(value).sort().reduce(
(obj, key) => {
obj[key] = sort(value[key]);
return obj;
},
{}
);
return ordered;
}
}
return value;
}
function generateSignature()
{
let secret_key = document.getElementById('signature-secret').value;
let payload = document.getElementById('notification-callback-payload').value;
let sorted_payload = document.getElementById('sorted-callback-payload');
let generated_signature = document.getElementById('generated_signature');
let payload_json = "";
let ordered = "";
if(isJson(payload.toString()))
{
payload_json = JSON.parse(payload);
const ordered_payload =sort(payload_json);
ordered = JSON.stringify(ordered_payload);
sorted_payload.value = JSON.stringify(ordered_payload, undefined, 4);
const hash = new jsSHA("SHA-512" , "TEXT", { hmacKey: { value: secret_key.toString() , format: "TEXT" } });
hash.update(ordered);
generated_signature.value = hash.getHash("HEX");
}
else
{
alert('Please enter the correct JSON format');
}
}
