This is in regard to the HPSDK (hosted payments SDK)
According to this documentation the x_signature field is calculated from
a string of all key-value pairs that start with
x_prefix, sorted alphabetically, and concatenated without separators
The x_signature can be tested by using this tool here where one can fill in the message fields, key and then check the signature against their own to ensure the calculation is correct. We did this, and can confirm that our signature calculation agreed with the demo (see this example) however, when we receive a payment request message from Shopify to our gateway, the signature appears to be invalid.
Is the instruction above which indicates that the message in the HMAC calculation is "a string of all key-value pairs that start with
x_ prefix" correct? I noticed that there are a few other fields being sent in the request that are not covered in the documentation. See the below Shopify request form post:
- x_description=webdevzw - #385372422164
Any help would be greatly appreciated.
To clarify, you need only alphabetically sort all fields beginning with x_, sort them alphabetically, and join them into a single string with no spearators for computation. Following those rules, you shouldn't have to worry about if more/fewer fields beginning with x_ are provided as the above algorithm should safely still apply.
Thanks for your response Alex - spot on. Sorry to have been a moron, we were using a GUID as our secret key directly to byte array which meant it was in fact UPPERCASE characters, whilst our Shopify payment method setup was being given the GUID as a string in lowercase (facepalm)
Fixed and working like a charm using ASP.Net C#
Would you love to unleash the unbridled power of the Google Shopping Channel into your sho...By Gabe Jan 6, 2023
How can you turn a hobby into a career? That’s what Emmanuel did while working as a wa...By Skye Dec 30, 2022