Skip to main content

Payment Response

Code samples to generate and verify signature hash for the data received as query parameters in redirection after payment completion.

package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"fmt"
"net/url"
)
type PaymentResponse struct {
OrderRef string
ChannelOrderRef string
MerchantOrderRef string
Status string
SignatureHash string
}
func VerifySignature(paymentResponse PaymentResponse, secretKey string) bool {
// Create a url.Values map and add the necessary parameters
params := make(url.Values)
params.Add("order_ref", paymentResponse.OrderRef)
params.Add("channel_order_ref", paymentResponse.ChannelOrderRef)
params.Add("merchant_order_ref", paymentResponse.MerchantOrderRef)
params.Add("status", paymentResponse.Status)
// Encode the parameters
data := params.Encode()
// Create the HMAC hash using SHA-256
secret := []byte(secretKey)
message := []byte(data)
hash := hmac.New(sha256.New, secret)
hash.Write(message)
// Convert the hash to a base64 string
hashValue := base64.StdEncoding.EncodeToString(hash.Sum(nil))
// Compare the computed hash with the signature received in the payment response
if hashValue != paymentResponse.SignatureHash {
fmt.Println("Hash verification failed, not from valid source")
return false
} else {
fmt.Println("Hash verification succeeded")
return true
}
}
func main() {
portOneSecret := "PORTONE_SECRET"
// Define the payment response struct below with the respective query params received in redirection
paymentResponse := PaymentResponse{
OrderRef: "order_ref",
ChannelOrderRef: "channel_order_ref",
MerchantOrderRef: "merchant_order_ref",
Status: "status",
SignatureHash: "signature_hash",
}
// Verify the signature
isValid := VerifySignature(paymentResponse, portOneSecret)
// Output the result of the verification
if isValid {
fmt.Println("Payment response is valid.")
} else {
fmt.Println("Payment response is invalid.")
}
}