# 4. Compute HASH ### Hashing Methods The parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials, amount and quantity of products, etc. {% tabs %} {% tab title="C#" %} ```csharp public string ComputeHash(Request _req) { string _key= { Secret Key Provided by Casheer} string datatocomputeHash = $"{_req.amount}{_req.authKey}{_req.currency}{_req.merchantCode}{_req.pc}{_req.referenceID}{_req.sourceCurrency}{_req.timeStamp}{_req.tunnel}{_req.userReference}"; return GetHashValue(datatocomputeHash, _key); } public string GetHashValue(String datatocomputeHash, String HashKey) { HMACSHA256 hmac = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey)); string computedHash = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.Default.GetBytes(datatocomputeHash))); return computedHash; } private string convertToHex(byte[] data) { System.Text.StringBuilder sb = new System.Text.StringBuilder(data.Length); foreach (byte b in data) sb.AppendFormat("{0:X2}", (int)b); return sb.ToString(); } ``` {% endtab %} {% tab title="VB.Net" %} ```aspnet Private Function ComputeHash(ByVal _req As Request) As String Dim _key As Strig={ Secret Key Provided by Casheer} Dim datatocomputeHash As String = $"{_req.amount}{_req.authKey}{_req.currency}{_req.merchantCode}{_req.pc}{_req.referenceID}{_req.sourceCurrency}{_req.timeStamp}{_req.tunnel}{_req.userReference}" Return GetHashValue(datatoHash, _key) End Function Public Function GetHashValue(ByVal datatocomputeHash As String, ByVal HashKey As String) As String Dim hmac As HMACSHA256 = New HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey)) Dim computedHash As String = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.[Default].GetBytes(datatocomputeHash))) Return computedHash End Function Private Function convertToHex(ByVal data As Byte()) As String Dim sb As System.Text.StringBuilder = New System.Text.StringBuilder(data.Length) For Each b As Byte In data sb.AppendFormat("{0:X2}", CInt(b)) Next Return sb.ToString() End Function ``` {% endtab %} {% tab title="PHP" %} ```php private function ComputeHash(Request $req) { $_key= {Secret Key Provided by Casheer} $datatocomputeHash = $_req.amount.$_req.authKey.$_req.currency.$_req.merchantCode.$_req.pc.$_req.referenceID.$_req.sourceCurrency.$_req.timeStamp.$_req.tunnel.$_req.userReference; return GetHashValue($datatocomputeHash, $_key); } public function GetHashValue($datatocomputeHash,$HashKey) { $computedHash = strtoupper(hash_hmac("sha256", $datatocomputeHash,$HashKey)); return $computedHash } ``` {% endtab %} {% tab title="TypeScript" %} ``` private ComputeHash(_req: Request): string { let _key={ Secret Key Provided by Casheer} let datatocomputeHash: string = "{_req.amount}{_req.authKey}{_req.currency}{_req.merchantCode}{_req.pc}{_req.referenceID}{_req.sourceCurrency}{_req.timeStamp}{_req.tunnel}{_req.userReference}"; return GetHashValue(datatocomputeHash, _key); } public GetHashValue(datatocomputeHash: String, HashKey: String): string { let hmac: HMACSHA256 = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey)); let computedHash: string = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.Default.GetBytes(datatocomputeHash))); return computedHash; } pagecode:` private string convertToHex(byte[] data) { System.Text.StringBuilder sb = new System.Text.StringBuilder(data.Length); foreach (byte b in data) sb.AppendFormat("{0:X2}", (int)b); return sb.ToString(); }`; ``` {% endtab %} {% endtabs %} ### SubVendor Hash Method To ensure secure processing and prevent parameter tampering attacks, it is mandatory to generate a **hash for each sub-vendor** included in the `SubVendors` array within the request body. This hash must be created using the respective sub-vendor's details and secured using the main merchant's `Authkey`. The generated hash should be included in the request to verify the integrity and authenticity of each sub-vendor's data. Failure to include a valid hash for each sub-vendor may result in the rejection of the multivendor payment request. Below is the code sample to create sub nvedor hash {% tabs %} {% tab title="C#" %} ```csharp public string ComputeSubvendorHash(SubVendor _subvendor ,Request _req) { string _key= {Main merchant Secret Key Provided by Casheer} string datatocomputeHash = $"{_subvendor.amount}{_subvendor.id}{_subvendor.vendorrefrence}{_req.timeStamp}"; return GetHashValue(datatocomputeHash, _key); } public string GetHashValue(String datatocomputeHash, String HashKey) { HMACSHA256 hmac = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey)); string computedHash = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.Default.GetBytes(datatocomputeHash))); return computedHash; } private string convertToHex(byte[] data) { System.Text.StringBuilder sb = new System.Text.StringBuilder(data.Length); foreach (byte b in data) sb.AppendFormat("{0:X2}", (int)b); return sb.ToString(); } ``` {% endtab %} {% tab title="VB.Net" %} ```vbnet Private Function ComputeSubvendorHash(ByVal _subvendor As SubVendor,ByVal _req As Request) As String Dim _key As Strig={ Main merchant Secret Key Provided by Casheer} Dim datatocomputeHash As String = $"{_subvendor.amount}{_subvendor.id}{_subvendor.vendorrefrence}{_req.timeStamp}" Return GetHashValue(datatoHash, _key) End Function Public Function GetHashValue(ByVal datatocomputeHash As String, ByVal HashKey As String) As String Dim hmac As HMACSHA256 = New HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey)) Dim computedHash As String = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.[Default].GetBytes(datatocomputeHash))) Return computedHash End Function Private Function convertToHex(ByVal data As Byte()) As String Dim sb As System.Text.StringBuilder = New System.Text.StringBuilder(data.Length) For Each b As Byte In data sb.AppendFormat("{0:X2}", CInt(b)) Next Return sb.ToString() End Function ``` {% endtab %} {% tab title="PHP" %} ```php private function ComputeHash(SubVendor $_subvendor,Request $req) { $_key= {Main merchant Secret Key Provided by Casheer} $datatocomputeHash = $_subvendor.amount.$_subvendor.id.$_subvendor.vendorrefrence.$_req.timeStamp; return GetHashValue($datatocomputeHash, $_key); } public function GetHashValue($datatocomputeHash,$HashKey) { $computedHash = strtoupper(hash_hmac("sha256", $datatocomputeHash,$HashKey)); return $computedHash } ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kwpaydocs.casheer.com/sample-code/4.-compute-hash.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.