# Security
How to make safe payment requests.
# Signature
The signature should use SHA256 as HMAC hash function.
| Header | Type | Description |
|---|---|---|
| Content-Type | string | application/json; charset=UTF-8 |
| AppId | string | Your App ID in payout platform |
| Authorization | string | SHA256( $sorted_params + $app _key) |
TIP
Find $AppId , $app_key from the merchant dashboard.
# Sign Method
Ascendingly, sorted request params, check examples below;
Concatenate sorted_params with app_key.
Use sha256(sorted_params + app_key) to get the Authorization.
TIP
When sorting parameters, strip the ones with no value.
WARNING
Letters in Authorization need to be lower case.
# Sign Coding Example
# Sign Example
Sample request:
{
"account_digit": "4",
"account_number": "1234567",
"account_type": "CHECKING",
"additional_remark": "1234567_test",
"amount": "10.00",
"bankcode": "001",
"branch": "0001",
"custom_code": "1234567",
"document_id": "50284414727",
"document_type": "CPF",
"fee": "merchant",
"name": "Test User Name",
"notify_url": "https://www.transfersmile.com",
"payout_currency": "BRL",
"source_currency": "BRL"
}
Sorted parameter before hash:
account_digit=4&account_number=1234567&account_type=CHECKING&additional_remark=1234567_test&amount=10.00&bankcode=001&branch=0001&custom_code=1234567&document_id=50284414727&document_type=CPF&fee=merchant&name=Test User Name&notify_url=https://www.transfersmile.com&payout_currency=BRL&source_currency=BRL
Concatenate sorted_params with app_key (exmaple app key ABCDE) :
account_digit=4&account_number=1234567&account_type=CHECKING&additional_remark=1234567_test&amount=10.00&bankcode=001&branch=0001&custom_code=1234567&document_id=50284414727&document_type=CPF&fee=merchant&name=Test User Name&notify_url=https://www.transfersmile.com&payout_currency=BRL&source_currency=BRLABCDE
sha256 hash
b15f900705867ecc3f66088054c14a80f9f12b1fb31c82320c4cbfe181876abb