OPay API Signature
Signature authentication ensures the highest level of security for your payment creation requests. Not only does it provide a secure authentication mechanism, but also it ensures the integrity of your request payload, that is the content of your request payload has not been altered since it was transmitted from your side. OPay signatures are calculated using HMAC-SH512 applied to payload and signed with your secret key.
Your public key should be used for authorization header of the following API calls:
API Signature Calculator
The authorization header of API requests that require signature authentication should contain your HMAC-SHA512 signature of your payload signed using your private key and merchant ID.
Authorization: Bearer {signature}
MerchantId : 256612345678901
The following section helps you generate a signature from the HMAC computation of the private key and request payload.
Sample Code
For an appropriate generation for the required HMAC SHA-512 signature, you need to:
- Sort your request payload JSON according to the alphabetical order of the request keys.
- Sign the sorted JSON with your secret key using HMAC SHA-512 algorithm.
The following code snippet helps you generate the HMAC SHA-512 signature required for OPay APIs can be found below:
class NiAutographController
{
private $secretkey;
private $merchantId;
public function __construct() {
$this->merchantId = '256621051120756';
$this->secretkey = 'OPAYPRV*************98453';
}
public function test(){
$data = [
"amount"=> [
"currency"=> "NGN",
"total"=> 400
],
"bankcard"=> [
"cardHolderName"=> "David",
"cardNumber"=> "5441110000000005",
"cvv"=> "100",
"enable3DS"=> true,
"expiryMonth"=> "01",
"expiryYear"=> "39"
],
"product"=> [
"name"=> "test product",
"description"=> "this is a test product"
],
"callbackUrl"=> "https://your-call-back-url.com",
"country"=> "NG",
"payMethod"=> "BankCard",
"reference"=> "reference1234543234",
"returnUrl"=> "https://your-return-url.com"
];
$data2 = (string) json_encode($data,JSON_UNESCAPED_SLASHES);
$auth = $this->auth($data2);
return $auth;
}
public function auth ( $data ) {
$secretKey = $this->secretkey;
$auth = hash_hmac('sha512', $data, $secretKey);
return $auth;
}
}
package com.opay.sdk.utils;
import com.google.gson.Gson;
import org.apache.commons.codec.binary.Hex;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.TreeMap;
import java.util.UUID;
public class SignatureUtils {
private static final String privateKey = "OPAYPRV*******0187828";
private static final String merchantId = "256621051120756";
public static void main(String[] args) throws Exception {
Gson gson = new Gson();
TreeMap order = new TreeMap<>();
TreeMap amount = new TreeMap<>();
amount.put("currency","NGN");
amount.put("total",new Integer(400));
order.put("amount",amount);
TreeMap bankcard = new TreeMap<>();
bankcard.put("cardHolderName","DAVID");
bankcard.put("cardNumber","450875*******");
bankcard.put("cvv","100");
bankcard.put("enable3DS",Boolean.TRUE);
bankcard.put("expiryMonth","02");
bankcard.put("expiryYear","26");
order.put("bankcard",bankcard);
TreeMap product = new TreeMap<>();
product.put("name","your product name");
product.put("description","your product description");
order.put("product",product);
order.put("callbackUrl","https://your-call-back-url.com");
order.put("country","NG");
order.put("payMethod","BankCard");
order.put("reference", UUID.randomUUID().toString());
order.put("returnUrl","https://your-return-url.com");
String requestBody = gson.toJson(order);
System.out.println("--request:");
System.out.println(requestBody);
String oPaySignature = hmacSHA512(requestBody, privateKey);
System.out.println("--signature:");
System.out.println(oPaySignature);
}
public static String hmacSHA512(final String data, final String secureKey) throws Exception{
byte[] bytesKey = secureKey.getBytes();
final SecretKeySpec secretKey = new SecretKeySpec(bytesKey, "HmacSHA512");
Mac mac = Mac.getInstance("HmacSHA512");
mac.init(secretKey);
final byte[] macData = mac.doFinal(data.getBytes());
byte[] hex = new Hex().encode(macData);
return new String(hex, StandardCharsets.UTF_8);
}
}
