9 posts / 0 new
Last post
usmankhwaja9557
HMAC using CryptoJS

My generated HMAC does not match HMAC generator on the sandbox page. Please help me. What am I doing wrong? Note that I can get successful response when I use HMAC generated from the sandbox page using my own apikey, token, secret, and payload. But when I do it using the following method. I get HMAC authorization failed error. My timestamp is correct (matches the one on sandbox page) so that is not causing the problem.

var param = apikey + nonce + timestamp + token + array;
var hash = CryptoJS.HmacSHA256(param, api_secret);
var authorization = CryptoJS.enc.Base64.stringify(hash);

array = "{
"merchant_ref": "a",
"method": "credit_card",
"transaction_type": "authorize",
"amount": "25000",
"currency_code": "USD",
"credit_card": {
"cardholder_name": "abcd",
"type": "Visa",
"card_number": "4005519200000004",
"exp_date": "1122",
"cvv": "123"
}
}"

var time = new Date();
var timestamp = time.getTime().toString();


rohitrajagopal3538
Re: HMAC using CryptoJS

Usman - can you try this?

getAuthorizationHeader: function (apiKey, apiSecret, payload, token, nonce, timestamp) {
            var data = apiKey + nonce + timestamp + token + payload;
            var digest = CryptoJS.HmacSHA256(data, apiSecret);
            var header = new Buffer(digest.toString()).toString('base64');
            return header;
        },


usmankhwaja9557
Re: HMAC using CryptoJS

Im still getting "HMAC validation Failure"

this is my data

Z14h0wGBroQnm7QNMb3jHIRG90Nxsgfp44345374433753380001468905434669fdoa-ec73943832319b139b89aedcdc619bc8ec73943832319b13{"merchant_ref":"a","method":"credit_card","transaction_type":"authorize","amount":"25000","currency_code":"USD","credit_card":{"cardholder_name":"123123123","type":"Visa","card_number":"4012000033330026","exp_date":"1122","cvv":"123"}}

This is my HMAC sha256 using apiSecret

2064befe423b8ff8eb4d395d89293739c03634409ea3b390d0558c4166869006

and finally the base64 header looks like this

MjA2NGJlZmU0MjNiOGZmOGViNGQzOTVkODkyOTM3MzljMDM2MzQ0MDllYTNiMzkwZDA1NThjNDE2Njg2OTAwNg==

Im posting the data like this

$.ajax({
crossDomain: true,
url: url,
method: "POST",
dataType: 'jsonp',
headers: {
"apikey": apikey,
"token": token,
"Content-type": "application/json",
"Authorization": authorization,
"nonce": nonce,
"timestamp": timestamp
},
processData: false,
data: payload,
success: function(response){
console.log(response);
console.log(response.status);
},
error: function(response){
console.log(response);
console.log(response.status);
}
});


usmankhwaja9557
Re: HMAC using CryptoJS

I am sorry for the double post before.
I am able to get past HMAC validation failure. The following process helped.

var join = apikey + nonce + timestamp + token + payload;
var hmac = CryptoJS.HmacSHA256(join, api_secret);
var utf = CryptoJS.enc.Utf8.parse(hmac);
var authorization = CryptoJS.enc.Base64.stringify(utf).toString();

however...
If I post my data using Postman I get a response. But when I post from browser I get a 404 error. Any help?


rohitrajagopal3538
Re: HMAC using CryptoJS

Usman - Our API does not support cross origin requests. Is that what you are attempting?


usmankhwaja9557
Re: HMAC using CryptoJS

Yes. I just realized that that is the problem. I am attempting to use jsonp to ajax post data, but my request is being blocked either way. Are you saying that there is no way to integrate your API with an eCommerce website?


usmankhwaja9557
Re: HMAC using CryptoJS

Alternatively, can I use something like Unirest for PHP on my website? Will that work? or is it still considered cross-origin?

http://unirest.io/php.html
http://unirest.io/nodejs.html


rohitrajagopal3538
Re: HMAC using CryptoJS

We do support eCommerce websites. Typical integrations involve issuing the payment transactions from the merchant server. 

I am not sure about the unirest. You may want to give it a try. However, note that issuing payment requests from the browser means that your api secret or merchant token may become available in the page source code which is a risk.


usmankhwaja9557
Re: HMAC using CryptoJS

Dear Rohit, Thanks for all the assistance. I have finally achieved credit card authentication from my website. I used Guzzle PHP HTTP client to post form data to your API.

https://github.com/guzzle/guzzle