To ensure that all interactions with Gate are secure, all data that is transmitted between merchant system and Gate must be authenticated. The data is authenticated with the
signature parameter that must be included in all requests. A signature is a string generated by a one-way encoding on the basis of the request parameters and the secret key of the project.
Signature generation algorithm
The signature string is generated as follows:
- The parameters that are included in the request and their values are sequentially connected to the strings according to nesting level. For the parameters in arrays you must specify their index numbers directly. The separator is a colon (":").
- The resulting rows are sorted alphabetically and combined into a single line. The separator is a semicolon (";").
- For the resulting string, the HMAC code is calculated based on the SHA-512 algorithm and a secret key that is unique to your project. HMAC code should be output as raw binary data.
- The result is encoded in a Base64 algorithm and passed in the signature parameter.
For examples of code and signature generation see Signing Gate messages.