How do I ensure that the link is tamper proof?

To ensure that the form and details cannot be tampered with, you can choose to sign the links. Here's how to do it:

  1. Specify which fields you want to protect. You may choose none, any or all of the fields. 
  2. Set the field as protected by marking the field name as a value to the key "data_readonly". 
  3. Repeat this for all the fields you want to protect (the output querystring is similar to what you would get with an HTML form with a select multiple attribute).

This is an example of a link with all fields protected. You may verify that tamper protection is on by trying to edit any of the read-only fields in the URL (such as amount).

The procedure for generating the signature is straightforward.

1. Concatenate the values of the read-only fields (in lexicographical order of the keys in lower case), with each value separated by a pipe (|). 

2. The resultant string is signed using the HMAC-SHA1 algorithm using a key/salt that we'll provide. There is a more detailed explanation on generating the signature here.

You use the key "data_sign" to specify the signature.

To get your key/salt, click here.

You also have the option to not let any transaction take place without signing of links. Write to us to enable this. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request