Balance Information
Overview
This service is used to manage and display Paydia Bisnis and Paydia app's balance via merchant. For detail information will be describe in the next part.
Paydia's API spec will contain 1 main endpoints which is:
No | API Name | Description |
---|---|---|
1 | Balance Inquiry | This API is used to query Paydia Bisnis and Paydia app's balance via merchant |
Signature Generation and Validation
The below will explain about signature generation & validation.
Symmetric with B2B Access Token (HMAC_SHA512)
The following steps will explain about Symmetric with B2B Access Token (HMAC_SHA512).
Digital Signature Generation
Apply Token B2B Signature
- Compose the string to sign:
- The signature string is generated from string to sign above with applying SHA-256 with RSA-2048 encryption using pkcs8 private key, and then encode the result to base64.
- Put the signature string into HTTP header “X-SIGNATURE“ when call API for applying B2B access token.
X-CLIENT-KEY + "|" + X-TIMESTAMP |
Transaction Signature
- Compose the string to sign:
- The signature string is generated from string to sign above with applying HMAC_SHA512 hashing using secret key which given by Paydia, and then encode the result to base64.
- Put the signature string into HTTP header “X-SIGNATURE“ when call Paydia's API.
HTTP METHOD + ”:” + RELATIVE PATH URL + “:“ + B2B ACCESS TOKEN + “:“ + LowerCase(HexEncode(SHA-256(Minify(HTTP BODY)))) + “:“ + X-TIMESTAMP |
Digital Signature Validation
Apply Token B2B Signature
The below are steps of digital signature generation:
- Take the signature from HTTP header “X-SIGNATURE“.
- Decrypt the signature using public key which is pair with private key that used to generate the signature.
- Verify the correctness of the signature based on SHA-256 with RSA-2048 encryption signing against the string to sign.
- If the verification is correct, then consume the message.
Transaction Signature
- Compose the string to sign:
- Generate the signature from string to sign above with applying HMAC_SHA512 hashing using secret key which given by Paydia, and then encode the result to base64.
- Take the signature from HTTP header “X-SIGNATURE“.
- Compare the value between X-SIGNATURE and the generated signature, if those value are the same, then consume the message.
HTTP METHOD + ”:” + RELATIVE PATH URL + “:“ + B2B ACCESS TOKEN + “:“ + LowerCase(HexEncode(SHA-256(Minify(HTTP BODY)))) + “:“ + X-TIMESTAMP |
Asymmetric without Access Token (SHA256withRSA)
The following steps will explain about Asymmetric without Access Token (SHA256withRSA).
Asymmetric Key Generation
The below will explain about asymmetric key generation:
- Create Private Key
- Export Public Key
- Private Key to PKCS#8 Encode
openssl genrsa -out rsa_private_key.pem 2048 |
openssl rsa -in rsa_private_key.pem -out rsa_public_key.pem -pubout |
openssl pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt |
Partner should generate the signature with pkcs8_rsa_private_key.pem and Paydia will use rsa_public_key.pem to validate the signature and vice versa.
Digital Signature Generation
The below are steps of digital signature generation:
- Compose the string to sign:
- Apply token:
- Transactional:
- The signature string is generated from string to sign above with applying SHA-256 with RSA-2048 encryption using pkcs8 private key, and then encode the result to base64.
- Put the signature string into HTTP header “X-SIGNATURE“.
X-CLIENT-KEY + "|" + X-TIMESTAMP |
HTTP METHOD + ”:” + RELATIVE PATH URL + “:“ + LowerCase(HexEncode(SHA-256(Minify(HTTP BODY)))) + “:“ + X-TIMESTAMP |
example:
X-SIGNATURE: k0DJhMxlfb6ILcDVXvaDr1i00RK4oH5OdPtBFaCpe86CcWaI85rUi6iFOEHXDT2/Gg5QALLOPzqgOnw8XaH8ZXzC0mSRz0D9SkMi0CEAeDFVVHwPuDX9/s35NGgbQJQ0uAPDKKgBC1IAJ1pE7P4+E4jyPbEH8tC1Hm7IhTf+klDgDOmBEM1VCCGhf1MWb8O6MF09osImYkiR+NWvaZu6AnQ26wOf7BtvnICcCGhrbVLm4RfPNgFhWpVqpZMlWo4p/EvsW5xGBuXZvEnNzsFKOBa+88uqXjizl7BfDLLh7DWuqOwXjgtBdGFQ2C1R4b9YcymRoudb1O9L0ZQEbJbNNQ== |
Digital Signature Validation
The below are steps of digital signature validation:
- Take the signature from HTTP header “X-SIGNATURE“.
- Decrypt the signature using public key which is pair with private key that used to generate the signature.
- Verify the correctness of the signature based on SHA-256 with RSA-2048 encryption signing against the string to sign.
- If the verification is correct, then consume the message.
Document Version
The following table is used to show versioning of this document:
No | Date | Version | Remarks | Page |
---|---|---|---|---|
1 | May 10, 2023 | 1.2.2 |
| |
2 | Apr 26, 2023 | 1.1.1 |
| |
3 | Nov 4, 2022 | 1.1.0 | Initial Release | Everything related to PayConnect |