Biller Product

Based-Hased Signature

A signature is a unique code used to ensure the security and authenticity of data during a transaction. The signature is created using cryptographic algorithms such as RSA and SHA-256. Each time a request is received, Espay will validate the signature to ensure that the transaction data originates from you and has not been altered during transmission.

Each Espay service has a different parameter format for generating its signature. Below is the parameter combination format along with its corresponding services:

Service Combination
Bill Inquiry
sender_id + order_ id + product_code + rq_uuid + key
Bill Payment
sender_id + order_id + product_code + amount + rq_uuid + key
Inquiry Bill Payment Status
sender_id + Referensi ID + rq_uuid + key
Balance
sender_id + rq_uuid + key
Signature Component
Component Description
amount
Total invoice amount.

Format:
Desimal (,00)

Example:
150.000,00
key
API Key from Espay team.
order_id
Unique code to identify the transaction.

Example:
Handphone number, credit card number, id customer, etc.
Referensi ID
Reference ID provided by Espay in the Bill Payment response.
rq_uuid
Request identifier. A unique ID used to identify messages.

Format:
Sender_id + unique ID

Example:
SENDERID123ABC-DEF456
sender_id
Merchant identity code from Espay team.

Here are the steps to create a signature based on the service requirements being used:

  1. Combine the signature parameters specified by Espay using "##" as the separator.
  • Bill Inquiry Service Example
Combination format
##sender_id##Order id##product_code##rq_uuid##key##
##SENDERID##9900990099##STCKAI##5441217##keyforsignature##
  1. Convert the combined string from step 1 into uppercase.
  • Bill Inquiry Service Example
Format before uppercase
##SENDERID##9900990099##STCKAI##5441217##keyforsignature##
Format after uppercase
##SENDERID##9900990099##STCKAI##5441217##KEYFORSIGNATURE##
  1. Apply the SHA-256 hashing algorithm to the formatted string from step 2.
  • Bill Inquiry Service Example
Format before hash SHA-256
##SENDERID##9900990099##STCKAI##5441217##KEYFORSIGNATURE##
Format after hash SHA-256
bad06402f42b1244c88e3c2da24543e5708a96322819af6cc08b809d8aab5405

Try It!

Anda bisa coba masukkan data sesuai dengan input yang telah disediakan. Setelah itu Anda submit dan lihat hasilnya!

Request

Value

Response



PHP

$data = strtoupper('##SENDERID##9900990099##STCKAI##5441217##keyforsignature##');
$signature = hash('sha256', $data);


JAVA


import java.io.FileInputStream;
import java.security.MessageDigest;
/**
*
* @author root
*/
public class SHACheckSumExample {
    /**
    * @param args the command line arguments
    */
    public static void main(String[] args) throws Exception{
    
        // TODO code application logic here
        String password ="##SENDERID##9900990099##STCKAI##5441217##keyforsignature##";
        Confidential © Espay Page 23 of 27 PT.Square Gate One
        String data = password.toUpperCase();
        System.err.println(data);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(data.getBytes());
        byte byteData[] = md.digest();
               
        //convert the byte to hex format method 1
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < byteData.length; i++) {
            sb.append(Integer.toString((byteData[i] & 0xff) + 0x100,16).substring(1));
        }
        
        System.out.println("Hex format : " + sb.toString());
    }
}



Scroll to Top