Set up the payment hashes

IMPORTANT NOTE:

Always generate the hashes on your server. Do not generate the hashes locally in your app as it will compromise the security of the transactions.

Hash Generation for the CheckoutPro SDK

The CheckoutPro SDK uses hashes to ensure security of the transaction and preventing any unauthorised intrusion or modification. The CheckoutPro SDK requires two types of hashes:

  • Static Hashes – These hashes can be incorporated in the app during integration and do not change between transactions

  • Dynamic Hashes – These hashes must be generated at runtime for each transaction and will vary based on the transaction parameters

Passing static hashes

Hashes like Payment related details for mobile SDK hash and VAS for mobile hash are static hashes that can be passed during the integration. These hashes can be passed in additional params map when generating the payment params.

Use below hash generation pseudocode for generating hashes for the CheckoutPro SDK

sha512(key|command|var1|salt)

Where,

key is your merchant key

command is the api command for which you’re generating the hash

salt is your (secret) salt

var1 has a value as per the table below

Below is list of hashes used in Checkout Pro SDK

Hash Name

Var1

payment_related_details_for_mobile_sdk

userCredentials

vas_for_mobile_sdk

default

check_isDomestic

Card bin i.e first 6 digits of card number

get_eligible_payment_options

Json object containing amount, txnid, mobile_number, first_name, bankCode, email, last_name

validateVPA

vpa

Besides the hashes listed above, the CheckoutPro SDK also requires a Payment hash that can be calculated as defined below:

String hashSequence = key|txnid|amount|productinfo|firstname|email|udf1|udf2|udf3|udf4|udf5||||||salt;
String paymentHash = sha512(hashSequence);

NOTE: The hashSequence string must have empty pipes or the udf1 to udf5 values (udf is user defined fields)

For passing below static hashes during integration, use below code:

Java
Kotlin
Java
HashMap<String, Object> additionalParams = new HashMap<>();
additionalParams.put(PayUCheckoutProConstants.CP_VAS_FOR_MOBILE_SDK], <String>);
additionalParams.put(PayUCheckoutProConstants.CP_PAYMENT_RELATED_DETAILS_FOR_MOBILE_SD K], <String>);
Kotlin
val additionalParamsMap: HashMap<String, Any?> = HashMap()
additionalParamsMap[PayUCheckoutProConstants.CP_VAS_FOR_MOBILE_SDK] = <String>
additionalParamsMap[PayUCheckoutProConstants.CP_PAYMENT_RELATED_DETAILS_FOR_MOBILE_SDK] = <String>

Passing dynamic hashes

For generating and passing dynamic hashes, merchant will receive a call on the method generateHash of PayUCheckoutProListener.

Java
Kotlin
Java
void generateHash(HashMap<String,String> map, PayUHashGenerationListener hashGenerationListener)
Kotlin
fun generateHash(map:HashMap<String,String>,hashGenerationListener: PayUHashGenerationListener)

Here,

map -> a hash map that contains hash string and hash name

hashGenerationListener -> Once the hash is generated at merchant end. Pass the generated hash in method onHashGenerated() of the hashGenerationListener.

Java
Kotlin
Java
interface PayUHashGenerationListener {
void onHashGenerated(HashMap<String,String> map)
}
Kotlin
interface PayUHashGenerationListener {
fun onHashGenerated(map: HashMap<String,String?>)
}

The generateHash() method is called by the SDK each time it needs an individual hash. The CP_HASH_NAME will contain the name of the specific hash requested in that call and the CP_HASH_STRING will contain the data/string that needs to be hashed.

Getting Hash Data to calculate hash

Checkout Pro SDK will give a callback in generateHash() method whenever any hash is needed by it. The merchant need to calculate that hash and pass back to the SDK. Below is the process of doing so:

To extract hash string and hash name from map received in generateHash() method, use below keys -

CP_HASH_STRING -> This will contain complete hash string excluding salt. For eg, for vas for mobile sdk hash, the hash string will contain “<key>|<command>|<var1>|”. Merchant can append their salt at end of hash string to calculate the hash.

CP_HASH_NAME -> This will contain the hash name.

Passing generated hash to SDK

Prepare a map, where key should be hash name in step 2.1 and value should be generated hash value and pass this map in onHashGenerated() method above.

Java
Kotlin
Java
@Override
public void generateHash(@NotNull HashMap<String, String> map, @NotNull PayUHashGenerationListener hashGenerationListener) {
String hashName = map.get(CP_HASH_NAME);
String hashData = map.get(CP_HASH_STRING);
if (!TextUtils.isEmpty(hashName) && !TextUtils.isEmpty(hashData)) {
//Do not generate hash from local, it needs to be calculated from server side only
String hash = HashGenerationUtils.INSTANCE.generateHashFromSDK(hashData, salt);
if (!TextUtils.isEmpty(hash)) {
HashMap<String, String> hashMap = new HashMap<>();
hashMap.put(hashName, hash);
hashGenerationListener.onHashGenerated(hashMap);
}
}
}
Kotlin
override fun generateHash(
map: HashMap<String, String?>,
hashGenerationListener: PayUHashGenerationListener
) {
if (map.containsKey(CP_HASH_STRING)
&& map.containsKey(CP_HASH_STRING) != null
&& map.containsKey(CP_HASH_NAME)
&& map.containsKey(CP_HASH_NAME) != null
) {
val hashData = map[CP_HASH_STRING]
val hashName = map[CP_HASH_NAME]
val hash: String? =
//Do not generate hash from local, it needs to be calculated from server side only
HashGenerationUtils.generateHashFromSDK(
hashData!!,
salt
)
if (!TextUtils.isEmpty(hash)) {
val hashMap: HashMap<String, String?> = HashMap()
hashMap[hashName!!] = hash!!
hashGenerationListener.onHashGenerated(hashMap)
}
}
}