Tagih.id

Hash-Based Signature

A signature is a unique code used to ensure the security and authenticity of data during a transaction. The signature is created using cryptographic algorithms such as RSA and SHA-256. Each time a request is received, Espay will validate the signature to ensure that the transaction data originates from you and has not been altered during transmission.
Each Espay service has a different parameter format for generating its signature. Below is the parameter combination format along with its corresponding services:
Service Message Combination

Payment Notification

Request
Signature Key + rq_datetime + trx_id + collector + total_amount + PAYMENTREPORT
Send Invoice Multiple
Request
rq_uuid + rq_datetime + comm_code + signature key + SENDINVOICEMULTI
Signature Component
Component Description
collector
Collector identity.
comm_code
Member region code.
rq_datetime
Date and time of the transaction request.

Format:
Y-m-d H:i:s

Example:
2024-01-01 14:39:11
rq_uuid
Request identifier. A unique ID used to identify messages.
Signature Key
Signature key from Espay team.

Example:
s8qndd0ghZdrl04r
total_amount
Total paid amount.

Format:
250000
trx_id
Transaction ID from Espay.

Here are the steps to create a signature based on the service requirements being used

  1. Combine the signature parameters specified by Espay using "##" as the separator.
  • Send Multiple Invoice Service Example
Combination format
##rq_uuid##rq_datetime##comm_code##signature key##SENDINVOICEMULTI##
##4445a53b-4bac-4159-ac69-f02149f53302##2021-06-2313:29:49##SGWYESSISHOP##zwvqhkqqo4gvfwwk##SENDINVOICEMULTI##
  1. Convert the combined string from step 1 into uppercase.
  • Send Multiple Invoice Service Example
Format before uppercase
##4445a53b-4bac-4159-ac69-f02149f53302##2021-06-2313:29:49##SGWYESSISHOP##zwvqhkqqo4gvfwwk##SENDINVOICEMULTI##
Format after uppercase
##4445A53B-4BAC-4159-AC69-F02149F53302##2021-06-2313:29:49##SGWYESSISHOP##ZWVQHKQQO4GVFWWK##SENDINVOICEMULTI##
  1. Apply the SHA-256 hashing algorithm to the formatted string from step 2.
  • Send Multiple Invoice Service Example
Format before uppercase
##4445A53B-4BAC-4159-AC69-F02149F53302##2021-06-2313:29:49##SGWYESSISHOP##ZWVQHKQQO4GVFWWK##SENDINVOICEMULTI##
Format after hash SHA-256
adceabc20f3d11ba1c0e9ea3c2fd58c59406823a5644222ca5cfabd56194f157


PHP

$data = strtoupper('##4445a53b-4bac-4159-ac69-f02149f53302##2021-06-2313:29:49##SGWYESSISHOP##zwvqhkqqo4gvfwwk##SENDINVOICEMULTI##');
$signature = hash('sha256', $data);


JAVA


import java.io.FileInputStream;
import java.security.MessageDigest;
/**
*
* @author root
*/
public class SHACheckSumExample {
    /**
    * @param args the command line arguments
    */
    public static void main(String[] args) throws Exception{
    
        // TODO code application logic here
        String password ="##S8QNDDOGHZDRLO4RR##2024-04-30 17:48:24##145000065##SENDINVOICE##";
        Confidential © Espay Page 23 of 27 PT.Square Gate One
        String data = password.toUpperCase();
        System.err.println(data);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(data.getBytes());
        byte byteData[] = md.digest();
               
        //convert the byte to hex format method 1
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < byteData.length; i++) {
            sb.append(Integer.toString((byteData[i] & 0xff) + 0x100,16).substring(1));
        }
        
        System.out.println("Hex format : " + sb.toString());
    }
}



Scroll to Top