Signature

A signature is a unique code used to ensure the security and authenticity of data during a transaction. The signature is created using cryptographic algorithms such as RSA and SHA-256. Each time a request is received, Espay will validate the signature to ensure that the transaction data originates from you and has not been altered during transmission.
Each Espay service has a different parameter format for generating its signature. Below is the parameter combination format along with its corresponding services:
Service Message Combination
Send Invoice
Request
Signature Key + rq_uuid + rq_datetime + order_id + amount + ccy + comm_code + SENDINVOICE
Inquiry Transaction
Request
Signature Key + rq_datetime + order_id + INQUIRY
Response
Signature Key + rq_uuid + rs_datetime + order_id + error_code + INQUIRY-RS
Payment Notification
Request
Signature Key + rq_datetime + order_id + PAYMENTREPORT
Response
Signature Key + rq_uuid + rs_datetime + error_code + PAYMENTREPORT-RS
Check Payment Status
Request
Signature Key + rq_datetime + order_id + CHECKSTATUS
Expire Transaction

Request
Signature Key + rq_datetime + order_id + EXPIRETRANSACTION
Credit Card - Tokenization
Request
Signature Key + comm_code + trx_id + amount
Credit Card - Capture
Request
Signature Key + comm_code + trx_id + amount
Credit Card - Void
Request
Signature Key + comm_code + trx_id
Credit Card - Refund
Request
Signature Key + comm_code + trx_id + amount
Push To Pay / QRIS / Linkage
Request
rq_uuid + comm_code + product_code + order_id + amount + signature key + PUSHTOPAY
Settlement Notification
Request
rq_uuid + rq_datetime + sender_id + receiver_id
Payment Link
Request
comm_code + orderid + amount + key + datetime + password
Signature Component
Component Description
amount
Paid amount.

Example:
150000
ccy
Transaction currency code.

Value:
  • Rupiah: IDR
comm_code
Merchant code from Espay team.

Example:
SGWDIGALLERY
error_code
Error code.

Example:
0000
Key
API Key from Espay team.
order_id / orderid
Unique code to identify the order/billing/invoice.

Example:
Transaction number, invoice ID, etc.
rq_uuid
Request identifier. A unique ID used to identify messages.
rq_datetime / datetime
Date and time of the transaction request.

Example:
2024-01-01 14:39:11
rs_datetime
Date and time of the transaction response.

Example:
2024-01-01 14:39:11
SignatureKey
Signature key from Espay team.

Example:
s8qndd0ghZdrl04r
Here are the steps to create a signature based on the service requirements being used:
  1. Combine the signature parameters specified by Espay using "##" as the separator.
  • Send Invoice Service Example
Combination format
##SignatureKey##rq_uuid##rq_datetime##order_id##amount##ccy##comm_code##SENDINVOICE##
##cc256d3a2d7687e6f4e1f4217c534bc6b18f66e3552aa9d312f5f4808130504##rfbd39734-ed32-490d-98c4-e91bcd91037a##2024-01-01 14:39:11##ORDER001##100000##IDR##SGWDIGALLERY##SENDINVOICE##
  • Payment Link Service Example
Combination format
##comm_code##orderid##amount##key##datetime##password##
##ESPAYCOMMCODE##ORDER001-JKT-2020##200000.00## rwjfiwhrwrwhugdsdfyfyd##2020-08-08 09:17:45##P@ssw0rd!##
  1. Convert the combined string from step 1 into uppercase.
  • Send Invoice Service Example
Format before uppercase
##cc256d3a2d7687e6f4e1f4217c534bc6b18f66e3552aa9d312f5f4808130504##rfbd39734-ed32-490d-98c4-e91bcd91037a##2024-01-01 14:39:11##ORDER001##100000##IDR##SGWDIGALLERY##SENDINVOICE##
Format after uppercase
##CC256D3A2D7687E6F4E1F4217C534BC6B18F66E3552AA9D312F5F4808130504##RFBD39734-ED32-490D-98C4-E91BCD91037A##2024-01-01 14:39:11##ORDER001##100000##IDR##SGWDIGALLERY##SENDINVOICE##
  • Payment Link Service Example
The format for the Payment Link service is not converted to uppercase.
##ESPAYCOMMCODE##ORDER001-JKT-2020##200000.00## rwjfiwhrwrwhugdsdfyfyd##2020-08-08 09:17:45##P@ssw0rd!##
  1. Apply the SHA-256 hashing algorithm to the formatted string from step 2.
  • Payment Link Service Example
Format after hash SHA-256
##CC256D3A2D7687E6F4E1F4217C534BC6B18F66E3552AA9D312F5F4808130504##RFBD39734-ED32-490D-98C4-E91BCD91037A##2024-01-01 14:39:11##ORDER001##100000##IDR##SGWDIGALLERY##SENDINVOICE##
Format before hash SHA-256
b474188c95439412262f5808473caa8c12676acf4381842ff43b1b4a22493808
  • Payment Link Service Example
Format before hash SHA-256
##ESPAYCOMMCODE##ORDER001-JKT-2020##200000.00## rwjfiwhrwrwhugdsdfyfyd##2020-08-08 09:17:45##P@ssw0rd!##
Format after hash SHA-256
b958d232cb4b5aad3ee37f44ebc89f149083cdd5f8ae100fa0d96776bcae718d

Try It!

You can enter data using the input provided. After that, you submit and see the results!

Request

Value

Response



PHP - Non Payment Link

$data = strtoupper('##S8QNDDOGHZDRLO4RR##2024-04-30 17:48:24##145000065##SENDINVOICE##');
$signature = hash('sha256', $data);



JAVA - Non Payment Link


import java.io.FileInputStream;
import java.security.MessageDigest;
/**
*
* @author root
*/
public class SHACheckSumExample {
    /**
    * @param args the command line arguments
    */
    public static void main(String[] args) throws Exception{
    
        // TODO code application logic here
        String password ="##S8QNDDOGHZDRLO4RR##2024-04-30 17:48:24##145000065##SENDINVOICE##";
        Confidential © Espay Page 23 of 27 PT.Square Gate One
        String data = password.toUpperCase();
        System.err.println(data);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(data.getBytes());
        byte byteData[] = md.digest();
               
        //convert the byte to hex format method 1
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < byteData.length; i++) {
            sb.append(Integer.toString((byteData[i] & 0xff) + 0x100,16).substring(1));
        }
        
        System.out.println("Hex format : " + sb.toString());
    }
}



PHP - Payment Link


$data = '##SGWMAGENTO##PAYLINK0312242##20000.00##7bc074f97c3131d2e290a4707a54a623##2024-12-03 23:30:45##TEST##';
$signature = hash('sha256', $data);



Scroll to Top