Skip to end of metadata
Go to start of metadata

Authorization takes place via the Authorization header in the HTTP request and is subject to the following schema:

Authorization header example
Authorization: payone-hmac-sha256 VP35q2dC855VYEs0nzqTCbAx2BAUq1+oO1yByuvPcl4=

Example data:

DataExample value

The total amount is calculated as follows from the shopping cart:

"shoppingCart": [
        "type": "goods",
        "number": "article1",
        "price": 25,
        "quantity": 2,
        "vatRate": 7
        "type": "goods",
        "number": "article2",
        "price": 50,
        "quantity": 1,
        "vatRate": 7

Total amount calculation
article1.price * article1.quantity + article2.price * article2.quantity = totalAmount

The token is now calculated in the following way:

Step 1: Concatenating the data

Concatenating principle
merchantId + accountId + portalId + mode + reference + totalAmount + currency = dataToBeSigned

Concatenating example
18333 + 18334 + 2111222 + LIVE + uniqueReference + 100 + EUR = 18333183342111222LIVEuniqueReference100EUR

Step 2: Signing with the portalKey

HmacSAH256 principle
HmacSHA256(dataToBeSigned, portalKey) = signature
HmacSHA256 example
HmacSHA256(18333183342111222LIVEuniqueReference100EUR, superSecret) = signature

Step 3: Base64 encoding

Base64 principle
Base64(signature) = token

Base64 example
Base64(signature) = cBSvOHskJqf0Si/5ZP+mlM8lCm0zvT/YbH6MvvQWNBs=

Finally we put the result in the header and get the request header:

Example header
Authorization: payone-hmac-sha256 cBSvOHskJqf0Si/5ZP+mlM8lCm0zvT/YbH6MvvQWNBs=

The principle remains the same the data to be signed is now: linkId

Example get single link
Base64(HmacSHA256(linkId, portalKey))

The principle remains the same

Get all links
Base64(HmacSHA256(merchantId + accountId + portalId + mode, portalKey))

  • No labels