Tagih.id

Hash-Based Signature

A signature is a unique code used to ensure the security and authenticity of data during a transaction. The signature is created using cryptographic algorithms such as RSA and SHA-256. Each time a request is received, Espay will validate the signature to ensure that the transaction data originates from you and has not been altered during transmission.
Each Espay service has a different parameter format for generating its signature. Below is the parameter combination format along with its corresponding services:
Service Message Combination
Payment Notification
Visit the service here.
Request
Signature Key + rq_datetime + trx_id + collector + total_amount + PAYMENTREPORT
Send Invoice Multiple
Visit the service here.
Request
rq_uuid + rq_datetime + comm_code + signature key + SENDINVOICEMULTI
Signature Component
Component Description
collector
Collector identity.
comm_code
Member region code.
rq_datetime
Date and time of the transaction request.

Format:
Y-m-d H:i:s

Example:
2024-01-01 14:39:11
rq_uuid
Request identifier. A unique ID used to identify messages.
Signature Key
Signature key from Espay team.

Example:
s8qndd0ghZdrl04r
total_amount
Total paid amount.

Format:
250000
trx_id
Transaction ID from Espay.
How to Create a Signature

Here are the steps to create a signature based on the service requirements being used

  1. Combine the signature parameters specified by Espay using "##" as the separator.
  • Send Multiple Invoice Service Example
Combination format
##rq_uuid##rq_datetime##comm_code##signature key##SENDINVOICEMULTI##
##4445a53b-4bac-4159-ac69-f02149f53302##2021-06-2313:29:49##SGWYESSISHOP##zwvqhkqqo4gvfwwk##SENDINVOICEMULTI##
  1. Convert the combined string from step 1 into uppercase.
  • Send Multiple Invoice Service Example
Format before uppercase
##4445a53b-4bac-4159-ac69-f02149f53302##2021-06-2313:29:49##SGWYESSISHOP##zwvqhkqqo4gvfwwk##SENDINVOICEMULTI##
Format after uppercase
##4445A53B-4BAC-4159-AC69-F02149F53302##2021-06-2313:29:49##SGWYESSISHOP##ZWVQHKQQO4GVFWWK##SENDINVOICEMULTI##
  1. Apply the SHA-256 hashing algorithm to the formatted string from step 2.
  • Send Multiple Invoice Service Example
Format before uppercase
##4445A53B-4BAC-4159-AC69-F02149F53302##2021-06-2313:29:49##SGWYESSISHOP##ZWVQHKQQO4GVFWWK##SENDINVOICEMULTI##
Format after hash SHA-256
adceabc20f3d11ba1c0e9ea3c2fd58c59406823a5644222ca5cfabd56194f157




Generate Signature for Payment Notification

// Input parameter
$signature_key   = 'zwvqhkqqo4gvfwwk';
$rq_datetime     = '2021-06-2313:29:49';
$trx_id          = 'ESP1624429732I2O3';
$collector       = '[email protected]';
$total_amount    = '4000';
$action          = 'PAYMENTREPORT';

// 1. Combine all components using '##' as the separator
$rawString = "##$signature_key##$rq_datetime##$trx_id##$collector##$total_amount##$action##";

// 2. Convert the entire string to uppercase
$upperString = strtoupper($rawString);

// 3. Generate the SHA-256 hash
$signature = hash('sha256', $upperString);

// Output signature
echo "Initial format:\n " . $rawString;
echo "\n\nFormat after converting to uppercase:\n " . $upperString;
echo "\n\nFinal Signature:\n " . $signature;




Generate Signature untuk Payment Notification

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class SignatureGenerator {
    public static void main(String[] args) {
        // Input parameter
        String signatureKey  = "zwvqhkqqo4gvfwwk";
        String rqDatetime    = "2021-06-2313:29:49";
        String trxId         = "ESP1624429732I2O3";
        String collector     = "[email protected]";
        String totalAmount   = "4000";
        String action        = "PAYMENTREPORT";

        // 1. Combine all components using '##' as the separator
        String rawString = "##" + signatureKey + "##" + rqDatetime + "##" + trxId + "##" + collector + "##" + totalAmount + "##" + action + "##";

        // 2. Convert the entire string to uppercase
        String upperString = rawString.toUpperCase();

        // 3. Generate the SHA-256 hash
        String signature = sha256(upperString);

        // Output signature
        System.out.println("Initial format:\n" + rawString);
        System.out.println("\nFormat after converting to uppercase:\n" + upperString);
        System.out.println("\nFinal Signature:\n" + signature);
    }

    // Function to generate SHA-256 hash
    public static String sha256(String input) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            byte[] hash = digest.digest(input.getBytes(StandardCharsets.UTF_8));

            // Convert byte array to hex string
            StringBuilder hexString = new StringBuilder();
            for (byte b : hash) {
                String hex = String.format("%02x", b);
                hexString.append(hex);
            }
            return hexString.toString();

        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("SHA-256 algorithm not found");
        }
    }
}




Generate Signature untuk Payment Notification

const crypto = require('crypto');

// Input parameter
const signatureKey = 'zwvqhkqqo4gvfwwk';
const rqDatetime = '2021-06-2313:29:49';
const trxId = 'ESP1624429732I2O3';
const collector = '[email protected]';
const totalAmount = '4000';
const action = 'PAYMENTREPORT';

// 1. Combine all components using '##' as the separator
const rawString = `##${signatureKey}##${rqDatetime}##${trxId}##${collector}##${totalAmount}##${action}##`;

// 2. Convert the entire string to uppercase
const upperString = rawString.toUpperCase();

// 3. Generate the SHA-256 hash
const hash = crypto.createHash('sha256').update(upperString).digest('hex');

// Output signature
console.log('Initial format:\n', rawString);
console.log('\nFormat after converting to uppercase:\n', upperString);
console.log('\nFinal Signature:\n', hash);
Scroll to Top