OPay API Signature

Signature authentication ensures the highest level of security for your payment creation requests. Not only does it provide a secure authentication mechanism, but also it ensures the integrity of your request payload, that is the content of your request payload has not been altered since it was transmitted from your side. OPay signatures are calculated using HMAC-SH512 applied to payload and signed with your secret key.

Your public key should be used for authorization header of the following API calls:

  1. Cashier Payment Status

API Signature Calculator

The authorization header of API requests that require signature authentication should contain your HMAC-SHA512 signature of your payload signed using your private key and merchant ID.

                    Authorization: Bearer {signature}
                    MerchantId   : 256612345678901

The following section helps you generate a signature from the HMAC computation of the private key and request payload.

Enter your OPay Private Key
Enter OPay API Payload

Sample Code

For an appropriate generation for the required HMAC SHA-512 signature, you need to:

  1. Sort your request payload JSON according to the alphabetical order of the request keys.
  2. Sign the sorted JSON with your secret key using HMAC SHA-512 algorithm.

The following code snippet helps you generate the HMAC SHA-512 signature required for OPay APIs can be found below:

                                    class NiAutographController
                                        private $secretkey;
                                        private $merchantId;

                                        public function __construct() {
                                            $this->merchantId = '256621051120756';
                                            $this->secretkey = 'OPAYPRV*************98453';

                                        public function test(){
                                            $data = [
                                                "amount"=> [
                                                  "currency"=> "NGN",
                                                  "total"=> 400
                                                "bankcard"=> [
                                                    "cardHolderName"=> "David",
                                                    "cardNumber"=> "5441110000000005",
                                                    "cvv"=> "100",
                                                    "enable3DS"=> true,
                                                    "expiryMonth"=> "01",
                                                    "expiryYear"=> "39"
                                                "product"=> [
                                                    "name"=> "test product",
                                                    "description"=> "this is a test product"
                                                "callbackUrl"=> "https://your-call-back-url.com",
                                                "country"=> "NG",
                                                "payMethod"=> "BankCard",
                                                "reference"=> "reference1234543234",
                                                "returnUrl"=> "https://your-return-url.com"
                                            $data2 = (string) json_encode($data,JSON_UNESCAPED_SLASHES);
                                            $auth = $this->auth($data2);
                                            return $auth;
                                        public function auth ( $data ) {
                                            $secretKey = $this->secretkey;
                                            $auth = hash_hmac('sha512', $data, $secretKey);
                                            return $auth;
                                   package com.opay.sdk.utils;

                                    import com.google.gson.Gson;
                                    import org.apache.commons.codec.binary.Hex;
                                    import javax.crypto.Mac;
                                    import javax.crypto.spec.SecretKeySpec;
                                    import java.nio.charset.StandardCharsets;
                                    import java.util.TreeMap;
                                    import java.util.UUID;

                                    public class SignatureUtils {

                                        private static final String privateKey = "OPAYPRV*******0187828";

                                        private static final String merchantId = "256621051120756";

                                        public static void main(String[] args) throws Exception {
                                            Gson gson = new Gson();
                                            TreeMap order = new TreeMap<>();
                                            TreeMap amount = new TreeMap<>();
                                            amount.put("total",new Integer(400));
                                            TreeMap bankcard = new TreeMap<>();
                                            TreeMap product = new TreeMap<>();
                                            product.put("name","your product name");
                                            product.put("description","your product description");
                                            order.put("reference", UUID.randomUUID().toString());

                                            String requestBody = gson.toJson(order);
                                            String oPaySignature = hmacSHA512(requestBody, privateKey);

                                        public static String hmacSHA512(final String data, final String secureKey) throws Exception{
                                            byte[] bytesKey = secureKey.getBytes();
                                            final SecretKeySpec secretKey = new SecretKeySpec(bytesKey, "HmacSHA512");
                                            Mac mac = Mac.getInstance("HmacSHA512");
                                            final byte[] macData = mac.doFinal(data.getBytes());
                                            byte[] hex = new Hex().encode(macData);
                                            return new String(hex, StandardCharsets.UTF_8);

See Also

User Profile 12 messages

James Jones
Application Developer
Recent Notifications
Another purpose persuade Due in 2 Days
Would be to people Due in 2 Days
The best product Due in 2 Days