My generated HMAC does not match HMAC generator on the sandbox page. Please help me. What am I doing wrong? Note that I can get successful response when I use HMAC generated from the sandbox page using my own apikey, token, secret, and payload. But when I do it using the following method. I get HMAC authorization failed error. My timestamp is correct (matches the one on sandbox page) so that is not causing the problem.
var param = apikey + nonce + timestamp + token + array;
var hash = CryptoJS.HmacSHA256(param, api_secret);
var authorization = CryptoJS.enc.Base64.stringify(hash);
array = "{
"merchant_ref": "a",
"method": "credit_card",
"transaction_type": "authorize",
"amount": "25000",
"currency_code": "USD",
"credit_card": {
"cardholder_name": "abcd",
"type": "Visa",
"card_number": "4005519200000004",
"exp_date": "1122",
"cvv": "123"
}
}"
var time = new Date();
var timestamp = time.getTime().toString();
Usman - can you try this?
getAuthorizationHeader: function (apiKey, apiSecret, payload, token, nonce, timestamp) {
var data = apiKey + nonce + timestamp + token + payload;
var digest = CryptoJS.HmacSHA256(data, apiSecret);
var header = new Buffer(digest.toString()).toString('base64');
return header;
},
Im still getting "HMAC validation Failure"
this is my data
Z14h0wGBroQnm7QNMb3jHIRG90Nxsgfp44345374433753380001468905434669fdoa-ec73943832319b139b89aedcdc619bc8ec73943832319b13{"merchant_ref":"a","method":"credit_card","transaction_type":"authorize","amount":"25000","currency_code":"USD","credit_card":{"cardholder_name":"123123123","type":"Visa","card_number":"4012000033330026","exp_date":"1122","cvv":"123"}}
This is my HMAC sha256 using apiSecret
2064befe423b8ff8eb4d395d89293739c03634409ea3b390d0558c4166869006
and finally the base64 header looks like this
MjA2NGJlZmU0MjNiOGZmOGViNGQzOTVkODkyOTM3MzljMDM2MzQ0MDllYTNiMzkwZDA1NThjNDE2Njg2OTAwNg==
Im posting the data like this
I am sorry for the double post before.
I am able to get past HMAC validation failure. The following process helped.
var join = apikey + nonce + timestamp + token + payload;
var hmac = CryptoJS.HmacSHA256(join, api_secret);
var utf = CryptoJS.enc.Utf8.parse(hmac);
var authorization = CryptoJS.enc.Base64.stringify(utf).toString();
however...
If I post my data using Postman I get a response. But when I post from browser I get a 404 error. Any help?
Usman - Our API does not support cross origin requests. Is that what you are attempting?
Yes. I just realized that that is the problem. I am attempting to use jsonp to ajax post data, but my request is being blocked either way. Are you saying that there is no way to integrate your API with an eCommerce website?
Alternatively, can I use something like Unirest for PHP on my website? Will that work? or is it still considered cross-origin?
http://unirest.io/php.html
http://unirest.io/nodejs.html
We do support eCommerce websites. Typical integrations involve issuing the payment transactions from the merchant server.
I am not sure about the unirest. You may want to give it a try. However, note that issuing payment requests from the browser means that your api secret or merchant token may become available in the page source code which is a risk.
Dear Rohit, Thanks for all the assistance. I have finally achieved credit card authentication from my website. I used Guzzle PHP HTTP client to post form data to your API.
https://github.com/guzzle/guzzle