9 posts / 0 new
Last post
HMAC using CryptoJS

My generated HMAC does not match HMAC generator on the sandbox page. Please help me. What am I doing wrong? Note that I can get successful response when I use HMAC generated from the sandbox page using my own apikey, token, secret, and payload. But when I do it using the following method. I get HMAC authorization failed error. My timestamp is correct (matches the one on sandbox page) so that is not causing the problem.

var param = apikey + nonce + timestamp + token + array;
var hash = CryptoJS.HmacSHA256(param, api_secret);
var authorization = CryptoJS.enc.Base64.stringify(hash);

array = "{
"merchant_ref": "a",
"method": "credit_card",
"transaction_type": "authorize",
"amount": "25000",
"currency_code": "USD",
"credit_card": {
"cardholder_name": "abcd",
"type": "Visa",
"card_number": "4005519200000004",
"exp_date": "1122",
"cvv": "123"

var time = new Date();
var timestamp = time.getTime().toString();

Re: HMAC using CryptoJS

Usman - can you try this?

getAuthorizationHeader: function (apiKey, apiSecret, payload, token, nonce, timestamp) {
            var data = apiKey + nonce + timestamp + token + payload;
            var digest = CryptoJS.HmacSHA256(data, apiSecret);
            var header = new Buffer(digest.toString()).toString('base64');
            return header;

Re: HMAC using CryptoJS

Im still getting "HMAC validation Failure"

this is my data


This is my HMAC sha256 using apiSecret


and finally the base64 header looks like this


Im posting the data like this

crossDomain: true,
url: url,
method: "POST",
dataType: 'jsonp',
headers: {
"apikey": apikey,
"token": token,
"Content-type": "application/json",
"Authorization": authorization,
"nonce": nonce,
"timestamp": timestamp
processData: false,
data: payload,
success: function(response){
error: function(response){

Re: HMAC using CryptoJS

I am sorry for the double post before.
I am able to get past HMAC validation failure. The following process helped.

var join = apikey + nonce + timestamp + token + payload;
var hmac = CryptoJS.HmacSHA256(join, api_secret);
var utf = CryptoJS.enc.Utf8.parse(hmac);
var authorization = CryptoJS.enc.Base64.stringify(utf).toString();

If I post my data using Postman I get a response. But when I post from browser I get a 404 error. Any help?

Re: HMAC using CryptoJS

Usman - Our API does not support cross origin requests. Is that what you are attempting?

Re: HMAC using CryptoJS

Yes. I just realized that that is the problem. I am attempting to use jsonp to ajax post data, but my request is being blocked either way. Are you saying that there is no way to integrate your API with an eCommerce website?

Re: HMAC using CryptoJS

Alternatively, can I use something like Unirest for PHP on my website? Will that work? or is it still considered cross-origin?


Re: HMAC using CryptoJS

We do support eCommerce websites. Typical integrations involve issuing the payment transactions from the merchant server. 

I am not sure about the unirest. You may want to give it a try. However, note that issuing payment requests from the browser means that your api secret or merchant token may become available in the page source code which is a risk.

Re: HMAC using CryptoJS

Dear Rohit, Thanks for all the assistance. I have finally achieved credit card authentication from my website. I used Guzzle PHP HTTP client to post form data to your API.