The CheckoutPro SDK uses hashes to ensure security of the transaction and preventing any unauthorized intrusion or modification. The CheckoutPro SDK requires two types of hashes:
Static Hashes (Mandatory) – These hashes can be passed to SDK during integration and do not change between transactions.
Dynamic Hashes (Mandatory) – These hashes must be generated at runtime for each transaction and will vary based on the transaction parameters.
Below are the list of static hashes:
It is used to fetch enabled payment options. If not passed, checkout screen will not appear.
It is used to get NB up/down status. If not passed, NB down status will not be displayed for the banks in NetBanking section.
It is used to fetch the eligible bins for EMI when EMI is enabled. If not passed, EMI payment will not work.
It is used to fetch EMI details like, amount, interest rate, etc when EMI is enabled. If not passed, EMI payment will not work.
It is used to delete the saved card of user. If not passed, delete save card functionality will not work.
It is used for making payment. If not passed, payment will not happen.
After setting the values in above formula generate sha512 over it and pass the same in additional param.
For passing dynamic hashes, merchant will receive a call on the method generateHash of PayUCheckoutProListener.
In the method parameter, you will receive a dictionary or hashMap, extract the value of hashString from that. Pass that value to server, now server will append salt at the end and generate sha512 hash over it. Server will give that hash back to your app and app will give that hash to us via callback mechanism.
There is no need to know the formula for dynamic hashes because our SDK itself gives you the string containing all the required parameter. Your server just has to append salt at the end and generate sha512 hash over it.
Below are the list of dynamic hashes:
It is used to fetch Bin details. If not passed, card payments will not happen.
It is used when verifying Phone number in OlaMoney Section. If not passed, phone number will not be verified and hence user will not be able to proceed.
It is used for validating VPA on UPI Collect screen. If not passed, VPA will not be verified and hence user will not be able to proceed.