4. Compute HASH
Hashing Methods
The parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials, amount and quantity of products, etc.
public string ComputeHash(Request _req)
{
string _key= { Secret Key Provided by Casheer}
string datatocomputeHash = $"{_req.amount}{_req.authKey}{_req.currency}{_req.merchantCode}{_req.pc}{_req.referenceID}{_req.sourceCurrency}{_req.timeStamp}{_req.tunnel}{_req.userReference}";
return GetHashValue(datatocomputeHash, _key);
}
public string GetHashValue(String datatocomputeHash, String HashKey)
{
HMACSHA256 hmac = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey));
string computedHash = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.Default.GetBytes(datatocomputeHash)));
return computedHash;
}
private string convertToHex(byte[] data)
{
System.Text.StringBuilder sb = new System.Text.StringBuilder(data.Length);
foreach (byte b in data)
sb.AppendFormat("{0:X2}", (int)b);
return sb.ToString();
}
SubVendor Hash Method
To ensure secure processing and prevent parameter tampering attacks, it is mandatory to generate a hash for each sub-vendor included in the SubVendors
array within the request body. This hash must be created using the respective sub-vendor's details and secured using the main merchant's Authkey
. The generated hash should be included in the request to verify the integrity and authenticity of each sub-vendor's data. Failure to include a valid hash for each sub-vendor may result in the rejection of the multivendor payment request.
Below is the code sample to create sub nvedor hash
public string ComputeSubvendorHash(SubVendor _subvendor ,Request _req)
{
string _key= {Main merchant Secret Key Provided by Casheer}
string datatocomputeHash = $"{_subvendor.amount}{_subvendor.id}{_subvendor.vendorrefrence}{_req.timeStamp}";
return GetHashValue(datatocomputeHash, _key);
}
public string GetHashValue(String datatocomputeHash, String HashKey)
{
HMACSHA256 hmac = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey));
string computedHash = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.Default.GetBytes(datatocomputeHash)));
return computedHash;
}
private string convertToHex(byte[] data)
{
System.Text.StringBuilder sb = new System.Text.StringBuilder(data.Length);
foreach (byte b in data)
sb.AppendFormat("{0:X2}", (int)b);
return sb.ToString();
}
Last updated