Ensuring Integrity
This section covers details about Secure Hash and ensuring the security of transcation
Passing Secure Hash in the request message is to check the integrity of the request, SHA-256 Algorithm is use to calculate the hash value from the request Message, this is normally created by key that Phicommerce provide at the time of merchant onboarding.
What is secret Key?
Secret Key is the Value which is attached to MerchantID that is created for every merchant at the time of onboarding, Phicommerce suggest the merchant to rotate the key every 90 days and its configurable and can be set by merchant when they would like to rotate the key.
What is secure Hash?
Secure Hash is the encrypted value which is formed by sorting all the request parameter in ascending order and concatenating the values of that parameter and using secret key and SHA-256 algorithm an encrypted text is formed which is then passed by merchant in request message
How Phicommerce Validates if the request is coming from correct source?
1.IP/Domain Validation: While integration make sure you configure IP/Domain Validation and test/perform UAT as this the mandatory check in production system.
2.Secure Hash- Phicommerce system also generates secure hash when request hits Phicommerce PG, system then compares the hash send in request by the merchant and the hash generated by Phicommerce system, if both matches then only system allows the transaction to move ahead else PG declines the request with message "Invalid Secure Hash".
Updated 2 months ago