Espay 360

Hash-Based Signature

A signature is a unique code used to ensure the security and authenticity of data during a transaction. The signature is created using cryptographic algorithms such as RSA and SHA-256. Each time a request is received, Espay will validate the signature to ensure that the transaction data originates from you and has not been altered during transmission.
Format Parameter

Each Espay service has a different parameter format for signature generation. Below is the combination of parameters along with their corresponding services:

Service Message Combination
Transaction History List
Request
signature key + rq_uuid + comm_code + TRANSACTIONHISTORYLIST
Get Image Invoice
Request
signature key + comm_code + inv + GETIMAGEINVOICE
Signature Component
Component Description
comm_code
Merchant code from Espay team.
inv
Transaction ID.
rq_uuid
Request identifier. A unique ID used to identify messages.
signature key
API Key from Espay team.

Example:
s8qndd0ghZdrl04r
Signature Generation Steps

Use the following steps to generate a signature based on the service you are using. The example below uses the Transaction History List service:

  1. Combine the signature parameters specified by Espay using "##" as the separator.
Combination format
##signatureKey##rq_uuid##comm_code##TRANSACTIONHITORYLIST##
##s8qndd0ghZdrl04r##bb8cc50a-f670-4d0d-92a1-fbaadb85cece##AKULAKU01##TRANSACTIONHITORYLIST##
  1. Convert the combined string from step 1 into uppercase.
Format before uppercase
##s8qndd0ghZdrl04r##bb8cc50a-f670-4d0d-92a1-fbaadb85cece##AKULAKU01##TRANSACTIONHITORYLIST##
Format after uppercase
##S8QNDD0GHZDRL04R##BB8CC50A-F670-4D0D-92A1-FBAADB85CECE##AKULAKU01##TRANSACTIONHITORYLIST##
  1. Apply the SHA-256 hashing algorithm to the formatted string from step 2.
Format before hash SHA-256
##S8QNDD0GHZDRL04R##BB8CC50A-F670-4D0D-92A1-FBAADB85CECE##AKULAKU01##TRANSACTIONHITORYLIST##
Format after hash SHA-256
ffc3fe1e0ea617ebfb864b6f1e51472cdcac66990215d2e9a3f5cd2fe626dc76


Generate Signature Universal Virtual Account (Send Invoice)

$signatureKey = 'cc256d3a2d7687e6f4e1f4217c534bc6b18f66e3552aa9d312f5f4808130504';
$rq_uuid      = 'rfbd39734-ed32-490d-98c4-e91bcd91037a';
$rq_datetime  = '2024-01-01 14:39:11';
$order_id     = 'ORDER001';
$amount       = '100000';
$ccy          = 'IDR';
$comm_code    = 'SGWYESSISHOP';
$action       = 'SENDINVOICE';
                                  
$raw_string = strtoupper("##{$signatureKey}##{$rq_uuid}##{$rq_datetime}##{$order_id}##{$amount}##{$ccy}##{$comm_code}##{$action}##");

$signature = hash('sha256', $raw_string);
         
echo "Raw String: " . $raw_string . PHP_EOL;
echo "Signature : " . $signature;


Generate Signature Universal Virtual Account (Send Invoice)

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class UniversalSignatureGenerator {

    public static void main(String[] args) {
        String signatureKey = "cc256d3a2d7687e6f4e1f4217c534bc6b18f66e3552aa9d312f5f4808130504";
        String rq_uuid      = "rfbd39734-ed32-490d-98c4-e91bcd91037a";
        String rq_datetime  = "2024-01-01 14:39:11";
        String order_id     = "ORDER001";
        String amount       = "100000";
        String ccy          = "IDR";
        String comm_code    = "SGWYESSISHOP";
        String action       = "SENDINVOICE";

        // Buat raw string dan ubah ke uppercase
        String rawString = String.format("##%s##%s##%s##%s##%s##%s##%s##%s##",
                signatureKey, rq_uuid, rq_datetime, order_id, amount, ccy, comm_code, action
        ).toUpperCase();

        try {
          // Hash menggunakan SHA-256
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            byte[] hash = digest.digest(rawString.getBytes(StandardCharsets.UTF_8));

            // Konversi hasil hash ke hex string
            StringBuilder hexString = new StringBuilder();
            for (byte b : hash) {
                hexString.append(String.format("%02x", b));
            }

            // Output hasil
            System.out.println("Raw String: " + rawString);
            System.out.println("Signature : " + hexString.toString());

        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}


Generate Signature Universal Virtual Account (Send Invoice)

const crypto = require('crypto');

const signatureKey = 'cc256d3a2d7687e6f4e1f4217c534bc6b18f66e3552aa9d312f5f4808130504';
const rq_uuid      = 'rfbd39734-ed32-490d-98c4-e91bcd91037a';
const rq_datetime  = '2024-01-01 14:39:11';
const order_id     = 'ORDER001';
const amount       = '100000';
const ccy          = 'IDR';
const comm_code    = 'SGWYESSISHOP';
const action       = 'SENDINVOICE';

// Gabungkan dan ubah ke UPPERCASE
const rawString = `##${signatureKey}##${rq_uuid}##${rq_datetime}##${order_id}##${amount}##${ccy}##${comm_code}##${action}##`.toUpperCase();

// Buat SHA-256 hash
const signature = crypto.createHash('sha256').update(rawString).digest('hex');

// Output
console.log("Raw String :", rawString);
console.log("Signature  :", signature);
Table of Contents
Scroll to Top