
Security

Signature

To strengthen security, every API method requires a signature generated from the parameters of your request.

This signature is also returned when the API responds, so you can check that it matches.

The signature is built from the values of all the fields of your query, sorted in alphabetical order of field name and concatenated with the "$" separator.

Your API key is then appended to this string.

The resulting string must then be hashed with the SHA-1 algorithm to obtain the final security signature.

Here is an example of how to generate the signature:

Let's say you want to do a card payment, here's your table of parameters:

[
    "Amount": 1234,
    "Uid": "Abc123",
    "Email": "john@doe.com",
    "CardNumber": "1234567897654321",
    "CardMonth": "09",
    "CardYear": "2016",
    "CardCVV": "123",
    "ClientIp": "89.184.22.134"
]

You must sort the argument names in alphabetical order:

[
   "Amount": 1234,
   "CardCVV": "123",
   "CardMonth": "09",
   "CardNumber": "1234567897654321",
   "CardYear": "2016",
   "ClientIp": "89.184.22.134",
   "Email": "john@doe.com",
   "Uid": "Abc123"
]

You build a new string composed of the values of the sorted arguments, separated by $ : 1234$123$09$1234567897654321$2016$89.184.22.134$john@doe.com$Abc123

You end the string by adding the $ character followed by your API key: 1234$123$09$1234567897654321$2016$89.184.22.134$john@doe.com$Abc123$YOURAPIKEY

Finally, apply the SHA-1 algorithm on the whole string to obtain a signature of the following format: 56041a82332797199817f4dcbcb9506c64bd0dc5

You can now add the signature to your request and call the desired webservice:

[
   "Amount": 1234,
   "CardCVV": "123",
   "CardMonth": "09",
   "CardNumber": "1234567897654321",
   "CardYear": "2016",
   "ClientIp": "89.184.22.134",
   "Email": "john@doe.com",
   "Uid": "Abc123",
   "Signature": "56041a82332797199817f4dcbcb9506c64bd0dc5"
]

Here is an example of signature generation in PHP. You need to call the getSignature() function to which you pass the parameters to send to the API and your secret API key:

<?php
function getSignature($params, $apiKey)
{
    // The signature itself is never part of the signed string.
    if (isset($params['Signature']))
        unset($params['Signature']);

    // Join the sorted values with "$".
    $chain = is_array($params) ? implode('$', formatSignature($params)) : $params;

    // Append "$" and the API key, then hash with SHA-1.
    return sha1($chain.'$'.$apiKey);
}

function formatSignature($params)
{
    // Sort by lowercased field name.
    $params = array_change_key_case($params, CASE_LOWER);
    ksort($params);

    foreach ($params as $key => $value)
    {
        if (is_array($value))
        {
            // Nested arrays are sorted and joined the same way.
            $value = array_change_key_case($value, CASE_LOWER);
            ksort($value);

            $params[$key] = implode('$', formatSignature($value));
        }
    }

    return $params;
}
?>
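The page notes that the signature is also returned in API responses so you can check it. The Python sketch below is an added example, not Easytransac code: it ports the signing rule above and verifies a received signature with a constant-time comparison. The response field names and the key are constructed, and values are assumed to be strings, integers, booleans or null.

```python
import hashlib
import hmac

def _canon(value):
    """Serialize a value the way the page's formatSignature()/implode() pair does."""
    if isinstance(value, dict):
        # Keys are lowercased before sorting, so "CardCVV" sorts as "cardcvv".
        lowered = {str(k).lower(): v for k, v in value.items()}
        return "$".join(_canon(lowered[k]) for k in sorted(lowered))
    if isinstance(value, (list, tuple)):
        return "$".join(_canon(v) for v in value)
    if value is None or value is False:
        return ""   # PHP casts null and false to the empty string
    if value is True:
        return "1"  # PHP casts true to "1"
    return str(value)

def string_to_sign(fields, api_key):
    # The "Signature" field is never part of the signed string.
    unsigned = {k: v for k, v in fields.items() if k != "Signature"}
    return _canon(unsigned) + "$" + api_key

def sign(fields, api_key):
    return hashlib.sha1(string_to_sign(fields, api_key).encode("utf-8")).hexdigest()

def verify(fields, api_key):
    """True only if fields carries a Signature matching the recomputed one."""
    received = fields.get("Signature")
    if not isinstance(received, str):
        return False  # missing or malformed signature is a failure, not a pass
    # Compare as bytes in constant time; also safe for non-ASCII input.
    return hmac.compare_digest(sign(fields, api_key).encode(), received.encode("utf-8"))

# Request parameters taken from the page's worked example.
PAGE_PARAMS = {
    "Amount": 1234, "Uid": "Abc123", "Email": "john@doe.com",
    "CardNumber": "1234567897654321", "CardMonth": "09", "CardYear": "2016",
    "CardCVV": "123", "ClientIp": "89.184.22.134",
}
API_KEY = "YOURAPIKEY"  # placeholder key, as on the page
# Constructed response body: hypothetical field names, not the API's real schema.
SAMPLE_RESPONSE = {"Status": "captured", "Amount": 1234, "Client": {"Id": "c1", "Email": "john@doe.com"}}

if __name__ == "__main__":
    print(string_to_sign(PAGE_PARAMS, API_KEY))
    signed = dict(SAMPLE_RESPONSE, Signature=sign(SAMPLE_RESPONSE, API_KEY))
    print("untampered:", verify(signed, API_KEY))
    print("tampered:  ", verify(dict(signed, Amount=9999), API_KEY))
```

Treat a failed or missing signature as a rejected response rather than logging it and continuing.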

Proactive behavior analysis

A second security measure is in place to keep the services sustainable. All requests are logged on the Easytransac side so that suspicious behavior can be tracked and alerts sent to you when it is detected.

Quota

For security reasons, we have a limit of 2000 requests per 15 minutes per API key. Beyond this limit, your requests will be automatically rejected. In a typical use case, you will not be impacted by these restrictions.
