How do I ensure that the link is tamper proof?

To ensure that the form and details cannot be tampered with, you can choose to sign the links. Here's how to do it:

  1. Specify which fields you want to protect. You may choose none, any or all of the fields. 
  2. Set the field as protected by marking the field name as a value to the key "data_readonly". 
  3. Repeat this for all the fields you want to protect (the output querystring is similar to what you would get with an HTML form with a select multiple attribute).

This is an example of a link with all fields protected. You may verify that tamper protection is on by trying to edit any of the read-only fields in the URL (such as amount).

The procedure for generating the signature is straightforward.

1. Concatenate the values of the read-only fields (in lexicographical order of the keys in lower case), with each value separated by a pipe (|). 

2. The resultant string is signed using the HMAC-SHA1 algorithm using a key/salt that we'll provide. There is a more detailed explanation on generating the signature here.

You use the key "data_sign" to specify the signature.

To get your key/salt, click here.

You also have the option to not let any transaction take place without signing of links. Write to us to enable this. 

Start Collecting Payment Now
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request