Skip to main content

Signature Generation

Signature digunakan untuk proses autentikasi request yang di kirimkan ke LINKAGE ACCOUNT. SpeedCash menggunakan 2 type signature Asymmetric Without Token dan Asymmertic with token untuk proses mengambil token B2B atau memperpanjang masa berlaku token B2B2C diperlukan Asymmetric Without Token dan untuk autentikasi service lainya menggunakan Asymmertic with token

Rumus Signature Without Token

stringToSign = client_ID + "|" + X-TIMESTAMP
signature = SHA256withRSA (Private_Key, stringToSign)

Source Code Pembuatan Signature Asymetric without token

<?php
$clientId = 'your_client_id';
$timestamp = 'your_timestamp';

// Construct the string to sign
$stringToSign = $clientId . '|' . $timestamp;

// Load your private key (assuming it's in PEM format)
$privateKey = openssl_pkey_get_private('file://path/to/your/private_key.pem');

// Create a signature
$signature = '';
openssl_sign($stringToSign, $signature, $privateKey, OPENSSL_ALGO_SHA256);

// Encode the signature in base64
$base64Signature = base64_encode($signature);

echo "your signature : $base64Signature";
?>

Rumus Signature with Token

Untuk Signature with Token token yang digunakan antara B2B dan B2B2C, jika di header terdapat token B2B2C maka yang digunakan token B2B2C

stringToSign = HTTPMethod +”:“+ pathUrl +":"+ AccessToken +":“+ Lowercase(HexEncode(SHA- 256(minify(RequestBody))))+ ":“ +  X- TIMESTAMP
signature = HMAC_SHA512(clientSecret, stringToSign)

Source Code Pembuatan Signature Asymetric with token

<?php
$dateTime = new DateTime();
$dateTime->setTimezone(new DateTimeZone('Asia/Jakarta'));
$timeStamp = $dateTime->format(DateTime::ATOM);

// accessToken bisa di isi antara token B2B, B2B2C
$accessToken = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";

//clientSecret bisa di isi dari yang sudah di kirim lewat email
$clientSecret = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx';

// endpoinUrl bisa di isi sesuai dengan path dari servicenya
$endPointUrl = '/v1.0/registration-account-binding';

//request body bisa di isi payload sesuai dengan servicenya
$requestBody = [
"msisdn": "0812xxxxxxxx",
"merchantId": "121xxxx",
"additionalInfo": {
"callbackUrl": "https://yourUrl.com/speedcash/callback/binding",
"deviceId": "android-20013adf6xxxxxxxx"
}
];

$body = json_encode($requestBody, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
$sha256Hash = hash('sha256', $body, true);

$hexEncode = strtolower(bin2hex($sha256Hash));
$stringToSign = "POST:{$endPointUrl}:{$accessToken}:{$hexEncode}:{$timeStamp}";
$stringToSignUtf8 = mb_convert_encoding($stringToSign, 'UTF-8');
$hmac = hash_hmac('sha512', $stringToSignUtf8, $clientSecret, true);
$genHmac = base64_encode($hmac);

print_r($genHmac);