Tarlanpayments
Eng
Eng
  • Acquiring
    • General information
      • Structure of payment processing
      • Kinds of operations
      • 3D-Secure
      • PCI DSS
    • Types of transactions
    • Structure of system responses
    • Error code
    • Transaction statuses
    • Signature Creation
    • Additional parameters
    • Interaction with the payment method
      • Initiating funds receipts
      • Initiating pay out
      • Card link
      • Initiating funds using Apple Pay
      • Initiating funds using Google Pay
      • Iframe
    • Payments without form of payment
      • One click
    • Smart Pay
      • Google pay
    • Supplementary methods
      • Removal of a linked user card
      • Verification of transaction status
      • Receiving a list of cards
      • Refund
      • Upper fee calculation
    • Webhook of the payment system
      • Payment Status
      • Payment ready to be made
    • Tilda Publishing
    • Edit summary
  • AGWS
    • Account Status Codes Guide
    • Error Codes
    • Reason for operation rejection
    • Transaction Lifetime
    • Transaction Status Guide
    • Creating a Signature
    • Check account status
    • Make a payment
    • Checking the refill status
    • Checking the remaining balance on the account
    • Confirmation of funds debit
    • Creating a payment link
    • Showcase Flow
    • Service Provider Flow
    • Payment System Callback
    • Payment Processing Scheme
  • Receiving a fiscal receipt
  • Calculation of the upper commission
Powered by GitBook
On this page
  1. Acquiring

Signature Creation

Requests for interaction with the payment system shall be signed by using SHA256 algorithm.

To create a signature be required:

  1. In case of POST request, requestData request body is sorted alphabetically and encoded in BASE64

  2. In case of GET request, convert Query params to JSON. FROM: https://prapi.tarlanpayments.kz/transaction/api/v1/system/client/cards?merchant_id=123&project_id=124&project_client_id=999 TO: { "merchant_id" : 123, "project_client_id" : "999", "project_id" : 124} After conversion, sort alphabetically and encode in BASE64.

  3. Concatenate encoded request body (base64EncodedData) and secret (issued to the merchant by a payment insitution)

  4. Using hashing function SHA256 hash the obtained result (dataToSign)

  5. Add signature to the request header Authorization: Bearer sign

The entire request body is included in the signature, except for fields with an empty string value ""

The additional_data field is not involved in signature creating

curl --location 'https://prapi.tarlanpayments.kz/transaction/...' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ff1a38a78ccca1b313ae172307e49112066ec2f5a1dfa2a76110104da3012896'
--data-raw '{}'
<?php

$requestData = [
    "project_client_id" => "9999",
    "merchant_id" => 1,
    "project_id" => 1,
    "additional_data" => ["key" => "This should be excluded"]
];

$secret = "12345";

// Remove the "additional_data" field from the request data
unset($requestData["additional_data"]);

// Sort the request data by keys in alphabetical order
ksort($requestData);

// Encode the sorted request data to JSON
$sortedJson = json_encode($requestData, JSON_UNESCAPED_SLASHES);

// Encode the sorted JSON to base64
$base64EncodedData = base64_encode($sortedJson);

// Concatenate the base64-encoded data with the secret
$dataToSign = $base64EncodedData . $secret;

// Hash the result to SHA-256
$sha256Hash = hash("sha256", $dataToSign);

echo $sha256Hash;
import json
import base64
import hashlib

request_data = {
    "project_client_id": "9999",
    "merchant_id": 1,
    "project_id": 1,
    "additional_data": {"key":"This should be excluded"}
}

secret = "12345"

# Remove the "additional_data" field from the request data
if "additional_data" in request_data:
    del request_data["additional_data"]

# Sort the request data by keys in alphabetical order
sorted_data = json.dumps(
        request_data,
        sort_keys=True,
        ensure_ascii=False,
        separators=(',', ':'),
    )

# Encode the sorted JSON to base64
base64_encoded_data = base64.b64encode(sorted_data.encode()).decode()

# Concatenate the base64-encoded data with the secret
data_to_sign = base64_encoded_data + secret

# Hash the result to SHA-256
sha256_hash = hashlib.sha256(data_to_sign.encode()).hexdigest()

print(sha256_hash)
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)  // Тело берется из создания 

type Request struct {
	ProjectClientID string `json:"project_client_id"`
	MerchantId      uint64 `json:"merchant_id"`
	ProjectId       uint64 `json:"project_id"`
	AdditionalData  map[string]string `json:"additional_data"`
}

const secret = "12345"

func main() {
	request := Request{
		ProjectClientID: "9999",
		MerchantId:      1,
		ProjectId:       1,
		AdditionalData: map[string]string{
			"key": "This should be excluded",
		},
	}

	notSortedJson, err := json.Marshal(&request)
	if err != nil {
		panic(err)
	}

	var notSorteddMap map[string]interface{}

	
	if err = json.Unmarshal(notSortedJson, &notSorteddMap); err != nil {
		panic(err)
	}

	delete(notSortedMap, "additional_data")
	
	sortedJson, err := json.Marshal(&notSorteddMap)
	if err != nil {
		panic(err)
	}

	signData := base64.StdEncoding.EncodeToString(sortedJson)
	
	sign := sha256.Sum256([]byte(signData + secret))

	fmt.Printf("%x", sign)

}
const paymentSecretKey = "123";

String hashedSecretKey({
  required Map<String, dynamic> requestData,
}) {
  // Sort the request data by keys in alphabetical order
  List<MapEntry<String, dynamic>> sortedEntries = requestData.entries.toList()
    ..sort((a, b) => a.key.compareTo(b.key));
  Map<String, dynamic> sortedData = Map.fromEntries(sortedEntries);

  // Sort the request data by keys in alphabetical order
  String encodedData = json.encode(sortedData);

  // Encode the sorted JSON to base64
  String base64EncodedData = base64.encode(Utf8Encoder().convert(encodedData));

  // Concatenate the base64-encoded data with the secret
  String dataToSign = base64EncodedData + paymentSecretKey;

  // Hash the result to SHA-256
  Digest sha256Hash = sha256.convert(Utf8Encoder().convert(dataToSign));

  final result = sha256Hash.toString();
  log('auth token $result');

  return result;
}