ECommPay Gate API
ECommPay Gate API
Flutterwave
Card payments
Token operations
Cash Voucher actions
Additional information submission
ADVCash
Apple Pay
Asian Banks
ATM
Bancontact
Banks
Bank Transfer
Card payments via partners
Card-to-card money transfer via partners
Cash
Cash in Kazakhstan
China UnionPay
Crypto
EcoPayz
Money transfer payments
Google Pay
Interac E-Transfer
Mobile
M-Pesa
Neteller
Online banking
Payment links
Qiwi Wallet
Skrill
Turkey QR
Voucher
Wallet
Wallet payments via partners
WebMoney
Requests for customer details
Customer actions
Requests for information
Neosurf
Models
Powered by Stoplight

Authentication

To ensure that all interactions with the payment platform are secure, all data that is transmitted from the merchant’s web service to the platform must be authenticated with the signature parameter. A signature is a string generated from a set of data to be signed with the use of a secret key and an encryption algorithm, and it must be included in all requests. Signatures are also used in callbacks and certain responses (with the exception of responses that contain general information without the payment or customer details).

The signature string is generated as follows:

  1. The data to sign is validated: it must conform to the JSON format and must not contain a signature parameter even if this parameter is empty.
  2. The parameters that are included in the request body and their values are sequentially connected to the strings according to the nesting level. For the parameters in arrays, specify their index numbers directly. The separator is a colon (‘:‘). The resulting rows are sorted alphabetically and combined into a single line. The separator is a semicolon (‘;‘).
  3. For the resulting string, the HMAC is calculated based on the SHA-512 hash function and the secret key provided by ECommPay. HMAC should be output as raw binary data.
  4. The result is encoded using the Base64 scheme.
  5. The result is passed as a value of the signature parameter that is added to the request body in the appropriate place according to the specification.

For more information and interactive forms to test using signatures, see Signature generation and verification.