Authorization takes place via the Authorization header in the HTTP request and is subject to the following schema:

Authorization header example
Authorization: payone-hmac-sha256 VP35q2dC855VYEs0nzqTCbAx2BAUq1+oO1yByuvPcl4=

Example data:

| Data | Example value |
| --- | --- |
| merchantId | 18333 |
| accountId | 18334 |
| portalId | 2111222 |
| mode | LIVE |
| reference | uniqueReference |
| totalAmount | 100 |
| currency | EUR |
| portalKey | superSecret |

The total amount is calculated as follows from the shopping cart:

shoppingCart
"shoppingCart": [
    {
        "type": "goods",
        "number": "article1",
        "price": 25,
        "quantity": 2,
        "vatRate": 7
    },
    {
        "type": "goods",
        "number": "article2",
        "price": 50,
        "quantity": 1,
        "vatRate": 7
    }
]


Total amount calculation
article1.price * article1.quantity + article2.price * article2.quantity = totalAmount

The token is now calculated in the following way:

Step 1: Concatenating the data

Concatenating principle
merchantId + accountId + portalId + mode + reference + totalAmount + currency = dataToBeSigned


Concatenating example
18333 + 18334 + 2111222 + LIVE + uniqueReference + 100 + EUR = 18333183342111222LIVEuniqueReference100EUR

Step 2: Signing with the portalKey

HmacSHA256 principle
HmacSHA256(dataToBeSigned, portalKey) = signature

HmacSHA256 example
HmacSHA256(18333183342111222LIVEuniqueReference100EUR, superSecret) = signature

Step 3: Base64 encoding

Base64 principle
Base64(signature) = token


Base64 example
Base64(signature) = cBSvOHskJqf0Si/5ZP+mlM8lCm0zvT/YbH6MvvQWNBs=

Finally we put the result in the header and get the request header:

Example header
Authorization: payone-hmac-sha256 cBSvOHskJqf0Si/5ZP+mlM8lCm0zvT/YbH6MvvQWNBs=

The principle remains the same, but the data to be signed is now: linkId

Example get single link
Base64(HmacSHA256(linkId, portalKey))

The principle remains the same

Get all links
Base64(HmacSHA256(merchantId + accountId + portalId + mode, portalKey))
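The three steps above, plus the receiving side's check, as an added Python example (not PAYONE's own code). UTF-8 encoding of the data and the portalKey, and the helper names (`token`, `create_link_data`, `verify`), are assumptions that do not appear on the page; the same `token()` covers the two link requests by passing `linkId`, or `merchantId + accountId + portalId + mode`, as the data.

```python
import base64
import hashlib
import hmac

SCHEME = "payone-hmac-sha256"  # scheme name from the page's Authorization header


def cart_total(cart):
    """totalAmount = sum of price * quantity over all cart items."""
    return sum(item["price"] * item["quantity"] for item in cart)


def create_link_data(merchant_id, account_id, portal_id, mode,
                     reference, total_amount, currency):
    """Step 1: concatenate the fields in the documented order, no separator."""
    return "".join(str(v) for v in (merchant_id, account_id, portal_id, mode,
                                    reference, total_amount, currency))


def token(data_to_be_signed, portal_key):
    """Steps 2 and 3: HMAC-SHA256 keyed with the portalKey, then Base64."""
    mac = hmac.new(portal_key.encode("utf-8"),           # assumption: UTF-8
                   data_to_be_signed.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def authorization_header(data_to_be_signed, portal_key):
    return f"Authorization: {SCHEME} {token(data_to_be_signed, portal_key)}"


def verify(header_value, data_to_be_signed, portal_key):
    """Hypothetical receiver-side check: recompute the token from the request
    fields and compare in constant time, so timing does not leak a prefix."""
    scheme, _, presented = header_value.partition(" ")
    expected = token(data_to_be_signed, portal_key)
    return scheme == SCHEME and hmac.compare_digest(presented.encode("utf-8"),
                                                    expected.encode("ascii"))


# Values from the page's example table and shopping cart.
CART = [{"price": 25, "quantity": 2}, {"price": 50, "quantity": 1}]
PORTAL_KEY = "superSecret"
DATA = create_link_data(18333, 18334, 2111222, "LIVE", "uniqueReference",
                        cart_total(CART), "EUR")

if __name__ == "__main__":
    print(DATA)
    print(authorization_header(DATA, PORTAL_KEY))
```

Because `totalAmount` is part of the signed string, a request whose cart no longer sums to the signed amount fails verification.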
