The example below displays what information your signature should contain:
HMACSHA256("api_access_id|method|version_number|total_amount|utc_time|order_number|customer_token|paymethod_token", "API Secure Key")
This parameter must be verified to confirm the validity of the returned message (for both callbacks and webhooks). An unvalidated response signature could present an exploitable weakness in your code.
Use the following parameters when creating your hash signature:
Parameter | Description | Type |
api_access_id | The organization-specific API Access ID value that you created in Dex. See the Merchant Configuration for information on creating this value. | string |
method | Supported types include the following: sale | string |
version_number | 2.0 | string |
total_amount | A string that represents the total amount of the transaction. NOTE: The total amount must be sent as a string in the button parameter. Sending total_amount as a number can cause seemingly random, intermittent authentication failures. | string |
utc_time | A date-time value (since 01/01/0001 00:00:00) that marks the day and time the request was sent to Checkout in ticks. Checkout will only accept utc_time values that are 20 minutes before the current time or 10 minutes after the current time. Requests expire after 10 minutes to prevent malicious users from capturing requests and resubmitting them at a later time. Checkout provides an API that returns the correct UTC time from Forte’s server. Using this server-side value prevents inadvertent expiration errors from client PCs that do not have the correct local time set. Use the following get UTC API URLs in your code to retrieve UTC ticks from Forte's servers: • https://checkout.forte.net/getUTC?callback=? //production <script> var button = $('button[api_access_id]'); $.getJSON('https://sandbox.forte.net/checkout/getUTC?callback=?').done(function (utc) { button.attr('utc_time', utc); }); </script> <?php $curlData = (curl_exec($curlUTC)); | string |
order_number | A string that represents the order number associated with a transaction. | string |
customer_token | An alphanumeric ID used to reference a customer. Forte stores the token and its associated information. | string |
paymethod_token | An alphanumeric ID used to reference stored payment information (card or eCheck) for a customer. Forte stores the token and its associated information. | string |
Send the hashed values in the signature parameter, a character string of varying length (depending on the hash method) that is used to represent a specific transaction for a specific merchant in Forte Checkout.
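The following server-side Python is an added example, not Forte's own code, showing how to build the pipe-delimited string, sign it, and verify a returned signature in constant time. It assumes the signature is hex-encoded and that omitted optional fields are sent as empty strings; all function names are hypothetical, and the caller is assumed to pass `verify` the signed string for the response as Forte documents it.

```python
import hashlib
import hmac
from datetime import datetime, timezone

TICKS_PER_SECOND = 10_000_000  # one tick = 100 ns (.NET convention)
EPOCH_0001 = datetime(1, 1, 1, tzinfo=timezone.utc)
FIELD_ORDER = ("api_access_id", "method", "version_number", "total_amount",
               "utc_time", "order_number", "customer_token", "paymethod_token")


def to_ticks(moment):
    """Convert an aware datetime to ticks since 01/01/0001 00:00:00 UTC."""
    delta = moment - EPOCH_0001
    return (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND + delta.microseconds * 10


def signature_string(params):
    """Join the fields with '|' in the documented order; every value must be a string."""
    for name in FIELD_ORDER:
        value = params.get(name, "")  # assumption: an omitted field is an empty string
        if not isinstance(value, str):
            # A numeric total_amount is the failure mode the table warns about.
            raise TypeError(f"{name} must be a string, got {type(value).__name__}")
    return "|".join(params.get(name, "") for name in FIELD_ORDER)


def sign(message, api_secure_key):
    """HMAC-SHA256 of the message keyed with the API Secure Key (hex output assumed)."""
    return hmac.new(api_secure_key.encode(), message.encode(), hashlib.sha256).hexdigest()


def verify(message, received_signature, api_secure_key):
    """Recompute the signature and compare in constant time."""
    expected = sign(message, api_secure_key).encode()
    return hmac.compare_digest(expected, received_signature.lower().encode())


def utc_time_accepted(utc_ticks, now_ticks):
    """Window stated above: up to 20 minutes before or 10 minutes after now."""
    minute = 60 * TICKS_PER_SECOND
    return now_ticks - 20 * minute <= utc_ticks <= now_ticks + 10 * minute
```

Keep the API Secure Key and the `sign` call on the server; only the resulting signature and `utc_time` belong in the button markup.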