Signature Algorithm
note
- Signature algorithm is used to sign your payment API request with a private key to obtain additional security.
important
- Data object needs to be sorted, the Nested object also needs to be sorted.
#
Step 1 : Prepare a Request ParameterMethod : POST
note
- Refer to which API endpoint you are calling , below request parameter is just an EXAMPLE
#
Example of Web/Mobile PaymentParameter | Type | Required | Description | Example |
---|---|---|---|---|
order | Object | Yes | Object of order | (Refer to explanation below) |
customer | Object | Yes | Object of customer | (Refer to explanation below) |
method | []String | Yes | RM currently supported method | [] |
type | String | Yes | Object of type | (Refer to explanation below) |
storeId | String | Yes | ID of the store to create QR code | "10946114768247530" |
redirectUrl | String | Yes | URL to redirect after payment is made | "https://google.com" |
notifyUrl | String | Yes | Example of Notify URL Response | "https://google.com" |
layoutVersion | String | Optional | Select layout for Web payment | v1 / v2 (Supported Credit Card) / v3 (Supported Credit Card and FPX) |
Order object (order):
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
title | String | Yes | Order title, max: 32 | "Sales" |
detail | String | Yes | Order detail, max: 600 | "1 x iPhone X; 2 x SAMSUNG S8" |
additionalData | String | Yes | Order description | "Sales" |
amount | Uint | Yes | Amount of order in cent. Only required when "isPrefillAmount" = true. (min RM 0.10 or amount: 10) | 100 |
currencyType | String | Yes | Currency notation (currently only support MYR ) | "MYR" |
id | String | Order ID | "6170506694335521334" |
Customer object (customer):
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
userId | String | Yes | if tokenization enable need userId | "13245876" |
email | String | Optional | Customer Email | "" |
countryCode | String | Optional | Customer Country Code | "" |
phoneNumber | String | Optional | Customer Phone Number | "" |
Type Object (type):
Parameter | Type | Required | Example |
---|---|---|---|
type | String | Yes | "WEB_PAYMENT" |
type | String | Yes | "MOBILE_PAYMENT" |
Example Request
#
Step 2 : Encode the data using Base64 formatnote
ewogICAgIm9yZGVyIjogewogICAgCSJ0aXRsZSI6ICJoZWxsbyIsCiAgICAJImRldGFpbCI6ICIiLAogICAgCSJhZGRpdGlvbmFsRGF0YSI6ICJ3b3JsZCIsCgkgICAgImFtb3VudCI6IDEwLAoJICAgICJjdXJyZW5jeVR5cGUiOiAiTVlSIiwKCSAgICAiaWQiOiAgIjcyMTEiCiAgICB9LAogICAgImN1c3RvbWVyIjogewogICAgInVzZXJJZCI6ICIiLAogICAgImVtYWlsIjogIiIKfSwKICAgICJtZXRob2QiOltdLAogICAgInR5cGUiOiAiV0VCX1BBWU1FTlQiLAogICAgInN0b3JlSWQiOiAiMTYwODEyMzAzNTU2NDUzODEyMSIsCiAgICAicmVkaXJlY3RVcmwiOiAiaHR0cHM6Ly9yZXZlbnVlbW9uc3Rlci5teSIsCiAgICAibm90aWZ5VXJsIjogImh0dHBzOi8vZGV2LXJtLWFwaS5hcC5uZ3Jvay5pbyIsCiAgICAibGF5b3V0VmVyc2lvbiI6InYzIgp9
#
Step 3: Construct plain text parametersParameter | Type | Required | Description | Example |
---|---|---|---|---|
data | String | Yes | Base64 data body from Step 2. | Refer to Step 2 |
method | String | Yes | HTTP call method used | "post" |
nonceStr | String | Yes | Random string | "VYNknZohxwicZMaWbNdBKUrnrxDtaRhN" |
requestURL | String | Yes | API URL that you call must be exactly the same, together with URL. | https://sb-open.revenuemonster.my/v3/payment/online |
signType | String | Yes | Sign Type, prefer SHA-256 | "sha256" |
timestamp | String | Yes | UNIX timestamp of request | "1527407052" |
Example
note
data=ewogICAgIm9yZGVyIjogewogICAgCSJ0aXRsZSI6ICJoZWxsbyIsCiAgICAJImRldGFpbCI6ICIiLAogICAgCSJhZGRpdGlvbmFsRGF0YSI6ICJ3b3JsZCIsCgkgICAgImFtb3VudCI6IDEwLAoJICAgICJjdXJyZW5jeVR5cGUiOiAiTVlSIiwKCSAgICAiaWQiOiAgIjcyMTEiCiAgICB9LAogICAgImN1c3RvbWVyIjogewogICAgInVzZXJJZCI6ICIiLAogICAgImVtYWlsIjogIiIKfSwKICAgICJtZXRob2QiOltdLAogICAgInR5cGUiOiAiV0VCX1BBWU1FTlQiLAogICAgInN0b3JlSWQiOiAiMTYwODEyMzAzNTU2NDUzODEyMSIsCiAgICAicmVkaXJlY3RVcmwiOiAiaHR0cHM6Ly9yZXZlbnVlbW9uc3Rlci5teSIsCiAgICAibm90aWZ5VXJsIjogImh0dHBzOi8vZGV2LXJtLWFwaS5hcC5uZ3Jvay5pbyIsCiAgICAibGF5b3V0VmVyc2lvbiI6InYzIgp9&method=post&nonceStr=VYNknZohxwicZMaWbNdBKUrnrxDtaRhN&requestUrl=https://sb-open.revenuemonster.my/v3/payment/online&signType=sha256×tamp=1527407052
#
Step 4: Sign with CLIENT PRIVATE KEYParameter | Type | Required | Description | |
---|---|---|---|---|
data | String | Yes | Sign the request data in Step 3 using CLIENT PRIVATE KEY | Response show as below |
note
Example of Signature
sha256 IrBg6t73VsH7ieEnQDB4CXHFjMWUkp8Dtddpxqw+4Gvz6Tag7Dx6nrfAt2ofYK8xZN9aBCvAKAfmAOGWIXnsTXfhFBnMA2kadiga7ufUJ81ozyhllbiliRM2ugw1OcqSTLRHWBPhrVwhHBxgDiG9wbuI3FKURrz+CufYYakFoCw=
#
Step 5: Signature of Request Datanote
Put this Signature into header under X-Signature, construct the request as below and call API endpoint:
#
Response ParametersParameter | Type | Description | Example |
---|---|---|---|
item | Object | item object | (Refer to explanation below) |
code | String | Successfully call this endpoint. If fail, will return error code object (Refer Appendix 1: Error Codes ) | "SUCCESS" |
item Object (item):
Parameter | Type | Description | Example |
---|---|---|---|
checkoutId | String | Code to identify web payment url | "1548316308361173347" |
url | String | Example to form checkout URL. Note: to change base URL to desired URL. | "https://sb-pg.revenuemonster.my/checkout?checkoutId=1548316308361173347" |
Example Response
#
Using RM Merchant Portal to get Signature#
Step 1 : Create New ApplicationGo to Merchant Portal > Developer > Applications tab (last on the list) and you will see the following page:
#
Step 2 : Obtain CredentialClick on the Applications created in Step 1. You may edit and update relevant information here :
If you would like to disable the application , simply toggle the "ON/OFF" switch button at the top right.
Click on Show to reveal your clientSecret:
#
Generate RSA KEYSIf you need help to generate a key, go to Merchant portal > Developer > Application > Generator RSA Key Suggested key size: 2048 Bit. Keep your private keys in a safe place! Or use our Generate RSA key tool.
Private Keys
are required to sign API request(s) contents.Public Keys
are used to verify content received.
#
Optional Tool: Signature DebuggerPublic Keys
needs to have be wrap as following :
For security purposes, we enhanced our authentication flow and Open API by adding layers of encryption to our endpoints. You may develop your own encryption tool on your desired application directly, or use our Signature Debugger to do signing/verification using private/public keys as obtained from the previous step.
Refer more on Signature Debugger
#
Invalid Request Signaturenote
You can refer the below Response if you received INVALID_REQUEST_SIGNATURE
we will guide you step by step to fix the issue
- Check your Private key and Public key
- No space in JSON data
- To access all wallets, use
method:[]
- For amount:100 is RM 1.00