1. Key Credential
9Pay provides a set of corresponding connection information for each environment
- Merchant Key: This is the Merchant's identification information.
- Merchant Secret Key: This information is used to generate an electronic signature (Signature).
Domain:
- Product: https://payment.9pay.vn
- Sandbox: https://sand-payment.9pay.vn
2. Digital signature
Note: Choose UTF-8 encoding for all codes
2.1. Signature when creating request
Signature generated by HMAC-SHA256 algorithm
| Signature = base64_encode(HMACSHA256( <Http request method> +”\n”+<URI>+”\n”+<timestamp> +”\n”+<canonicalized resources>, <merchant_secret_key>)) |
| Key | Description |
| <Http request method> | Method to call “POST” or “GET” |
| <URI> | URI from 9Pay will be call |
| <timestamp> | Unixtimestamp. max length 10 |
| <merchant_secret_key> | Checksum key provided from 9Pay |
| <canonicalized resources> |
Step 1: List all required parameters Step 2: Concatenate parameter names and their corresponding values with '=' and connect each parameter pair with '&'. Example: |
| Example | Signature = base64_encode(HMACSHA256( “POST”+”\n”+https://sand-payment.9pay.vn/payments/create+”\n”+1611135904+”\n”+merchantKey=”NGuTdi”&invoice_no=92938380&amount=10000&description=”Thanh toán đơn hàng”&return_url=https://sand-payment.9pay.com, “pe1asmBPtPBZo8o6SIIwPFbDXTEvuKwTLlD”)) |
2.2. Confirming response data
a. Signature generated by HASH SHA256 algorithm
The returned result always includes 3 values: result (encoded data), checksum (checksum generated from encoded data and partner's key checksum), and version.
|
$ninePayResult = [ 'result' => 'string result', 'checksum' => 'string checksum', 'version' => 'v1', ]; |
b. Verify the checksum code and retrieve payment information data
Use the SHA256 hash of the result and the provided key checksum to generate the authentication checksum code. Compare this code with the received checksum value to verify the validity of the data.
Example PHP:
$secretKeyCheckSum (required to provide for checksum verification)
|
$hashChecksum = strtoupper(hash('sha256', $ninePayResult['result'] . $secretKeyCheckSum)); // Check checksum if ($hashChecksum === $ninePayResult[' checksum']) { // Payment information received $arrayParams = json_decode(base64_decode($ninePayResult['result']), true); } |
3. Authentication
Include the following parameters in the API header with each API call
| Attribute | Type | Required | Decription |
| Authorization | string | yes |
Signature<space>Algorithm=<algorithm>, Credential=<merchantKey>,SignedHeaders=<signedHeaders>,Signature=<merchantSignature> với <algorithm> = “HS256” <merchantKey> is the key received during integration <signHeaders> is empty <merchantSignature> generated in the 'Signature' section when creating a request |
| Date | number | yes | timestamp/unix time - max length 10 |