API Reference

Validate Requests Received from PayPlus

How It Works

When you receive a data payload from PayPlus, it will include a header called hash and a header called user-agent.

Verify That the Data Came from PayPlus
Use your API secret key to verify that the data was sent by PayPlus.

Here is a sample of the response:

{
    "results": {
        "status": "success",
        "code": 0,
        "description": "payment page link has been generated"
    },
    "data": {
        "page_request_uid": "0e8789bf-9eaf-4a07-9c16-0a348a4fd5d9",
        "payment_page_link": "http://localhost:8000/0e8789bf-9eaf-4a07-9c16-0a348a4fd5d9"
    }
}

And headers:

{
    "hash": "yb4ViUaVO6OFdF9iyISKtCi+cXTvWm0+3e/sQkPsNS0=",
    "user-agent": "PayPlus"
}

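Sample function (Node.js) to verify the hash:

const crypto = require("crypto");

// Returns true only if the request carries a valid PayPlus hash header.
const resolvePayPlusHash = (response, secret_key) => {
    if (!response) {
        return false;
    }
    if (response.headers['user-agent'] !== 'PayPlus') {
        return false;
    }
    // The hash is computed over the JSON-serialized body.
    const message = response.body && JSON.stringify(response.body);
    if (!message) {
        return false;
    }
    const hash = response.headers['hash'];
    if (!hash) {
        return false;
    }
    // Recompute the HMAC-SHA256 of the message with the API secret key.
    const genHash = crypto.createHmac("sha256", secret_key)
        .update(message)
        .digest("base64");
    // Compare in constant time; timingSafeEqual requires equal lengths.
    const a = Buffer.from(genHash);
    const b = Buffer.from(String(hash));
    return a.length === b.length && crypto.timingSafeEqual(a, b);
};

This function is an example of how to validate a request from PayPlus. This part:

const genHash = crypto.createHmac("sha256", secret_key)
    .update(message)
    .digest("base64");
const a = Buffer.from(genHash);
const b = Buffer.from(String(hash));
return a.length === b.length && crypto.timingSafeEqual(a, b);

recomputes the HMAC-SHA256 of the serialized body with your API secret key and compares the result with the hash header in constant time. The hash authenticates the payload; the payload itself is not encrypted.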
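The check described above, exercised end to end as an added example (not PayPlus's own code): it signs a constructed payload the way the sample function expects, then runs a verifier over the genuine request and several altered ones, including a hash of the wrong length and a body whose keys were reordered before verification. The secret, the payload and the names signBody, verifyPayPlusRequest and runChecks are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Constructed secret and payload for the demo (not real PayPlus values).
const SECRET = "constructed-test-secret";
const BODY = {
    results: { status: "success", code: 0, description: "payment page link has been generated" },
    data: { page_request_uid: "00000000-0000-4000-8000-000000000000" }
};

// Hypothetical stand-in for the sender: base64 HMAC-SHA256 over JSON.stringify(body).
function signBody(body, secret) {
    return crypto.createHmac("sha256", secret).update(JSON.stringify(body)).digest("base64");
}

// Same checks as the sample function, comparing the MAC bytes in constant time.
function verifyPayPlusRequest(request, secret) {
    if (!request || !request.headers || !request.body) return false;
    // user-agent is set by the sender, so it filters noise but proves nothing.
    if (request.headers["user-agent"] !== "PayPlus") return false;
    const received = request.headers["hash"];
    if (typeof received !== "string") return false;
    const expected = crypto.createHmac("sha256", secret)
        .update(JSON.stringify(request.body))
        .digest();
    const given = Buffer.from(received, "base64");
    // timingSafeEqual throws on unequal lengths, so check the length first.
    return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Runs the verifier over genuine and altered requests and returns each verdict.
function runChecks() {
    const headers = { hash: signBody(BODY, SECRET), "user-agent": "PayPlus" };
    const check = (h, b) => verifyPayPlusRequest({ headers: h, body: b }, SECRET);
    const tampered = JSON.parse(JSON.stringify(BODY));
    tampered.results.description = "altered in transit";
    return {
        genuine: check(headers, BODY),
        tamperedBody: check(headers, tampered),
        wrongSecret: check({ ...headers, hash: signBody(BODY, "other-secret") }, BODY),
        truncatedHash: check({ ...headers, hash: headers.hash.slice(0, 20) }, BODY),
        missingHash: check({ "user-agent": "PayPlus" }, BODY),
        wrongUserAgent: check({ ...headers, "user-agent": "curl/8.0" }, BODY),
        // Same fields, different key order: JSON.stringify output changes, so the MAC does too.
        reorderedKeys: check(headers, { data: BODY.data, results: BODY.results })
    };
}

console.log(runChecks());
```

Only the genuine request verifies. The reorderedKeys case shows that the body must reach the verifier unmodified, since any middleware that rebuilds or extends the parsed object changes the serialized message.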