Set up the payment hashes

IMPORTANT NOTE:

Always generate the hashes on your server. Do not generate the hashes locally in your app as it will compromise the security of the transactions.

Hash Generation for the CheckoutPro SDK

The CheckoutPro SDK uses hashes to ensure security of the transaction and preventing any unauthorised intrusion or modification. The CheckoutPro SDK requires two types of hashes:

  • Static Hashes – These hashes can be incorporated in the app during integration and do not change between transactions

  • Dynamic Hashes – These hashes must be generated at runtime for each transaction and will vary based on the transaction parameters

Passing static hashes

These hashes can be passed in additional param when generating the payment params.

Below is list of static hashes used in Checkout Pro SDK

Hash Name

HashFormula

SampleValue

Hash = SHA512(SampleValue)

payment_related_details_for_mobile_sdk

<key>|payment_related_details_for_mobile_sdk|<userCredential>|<salt>

3TnMpV|payment_related_details_for_mobile_sdk|3TnMpV:[email protected]|g0nGFe03

13d6ea5fa3475ed915a7a76cdae62632392bd2ae26f6fb976b25c0841db2ee7a524f034501d26b3ef4e2c7065e10bbcc1bbb30e626eda690810d5e239185d96f

vas_for_mobile_sdk

<key>|getEmiAmountAccordingToInterest|default|<salt>

3TnMpV|vas_for_mobile_sdk|default|g0nGFe03

6a71a10f33e61ca88307b2e0f97d6ed94cc1a7daf7ba8883dda1bd1079ec3f8c526354e1f9b4ef0f59c90248d91c30fbb58971fcc291e0a7beddf7cc3783966b

getEmiAmountAccordingToInterest

<key>|vas_for_mobile_sdk|<amount>|<salt>

3TnMpV|getEmiAmountAccordingToInterest|80000|g0nGFe03

0f24a754c9ec07defd91ef510ce07aa7f0cb61d44413391efaa3f8c2e9d6a6df190c6d37e29a38a20a063563dfebbf02b3ec354b213ad231d21c08254dad3878

eligibleBinsForEMI

<key>|eligibleBinsForEMI|default|<salt>

3TnMpV|eligibleBinsForEMI|default|g0nGFe03

8126f6523a90c5b313e2b7602e10331f3e57c1b49f8ceab6a59df4847896f0c4503a6e74ce0e627f3e57d90150cc4994ec115fb0aeec76bbe9d580c76f1da625

delete_user_card

<key>|delete_user_card|<userCredential>|<salt>

3TnMpV|delete_user_card|3TnMpV:[email protected]|g0nGFe03

b0f704d9a2d1e2fcd97344ace136eb07689fc28b04157b12ca0f1177174ad0b09b3ec89f1c35a2d07b016d88024fae06ef07b76d55a9ef1d1420933a4520867c

For passing static hashes during integration, use below code:

Swift
Objective-C
Swift
paymentParam.additionalParam[HashConstant.paymentRelatedDetailForMobileSDK] = <#T##String#>
paymentParam.additionalParam[HashConstant.vasForMobileSDK] = <#T##String#>
paymentParam.additionalParam[HashConstant.payment] = <#T##String#>
Objective-C
paymentParam.additionalParam = [[NSDictionary alloc] initWithObjectsAndKeys:
<#(NSString)#>, HashConstant.paymentRelatedDetailForMobileSDK,
<#(NSString)#>, HashConstant.vasForMobileSDK,
<#(NSString)#>, HashConstant.payment,
nil];

Passing dynamic hashes

Below is list of dynamic hashes used in Checkout Pro SDK

Hash Name

HashFormula

SampleValue

Hash = SHA512(SampleValue)

check_isDomestic

<key>|check_isDomestic|<First6DigitOfCardNumber>|<salt>

3TnMpV|check_isDomestic|512345|g0nGFe03

f43bd495b110ebe63038bb8152b0083cb3bd227e9db8dab6d3fb8c2cb38c3fece787bba76adf755405b549f00b3264d996233ec02fce973f8ff24ba1e7751cbe

get_eligible_payment_options

<key>|get_eligible_payment_options|<eligibleAPIJsonObj>|<salt>

3TnMpV|get_eligible_payment_options|{"amount":"80000","txnid":"iOS201030155052","mobile_number":"9876543210","first_name":"Umang","bankCode":"OLAM","email":"[email protected]","last_name":""}|g0nGFe03

c8aa94073a42a8ff1763976158674c74e22a6f18641456362b984a780539ab94fd3992ab490ab2d5230b17ead403f367328e008dfec3bd057b5aca9004c67afb

validateVPA

<key>|validateVPA|<vpa>|<salt>

3TnMpV|validateVPA|[email protected]|g0nGFe03

95c39566f3a5394b32edd218f9e823b6ee9df48443945d759f9f298122f965afc8588cd46bf71edcd6080eb2df3e33e5949f894b2631299185433b58414a471c

payment

<key>|<txnid>|<amount>|<productinfo>|<firstname>|<email>|<udf1>|<udf2>|<udf3>|<udf4>|<udf5>||||||<salt>

3TnMpV|iOS201030155052|80000|iPhone X|Umang|[email protected]|udf11|udf22|udf33|udf44|udf55||||||g0nGFe03

43a02dcc962931cdf706b72867bb7f1e2d1d634b5d2e537e28db6c7c6513b437bca743c0f63c6138e49d6e6178a144335bdc531d09e1ae2726e69a202d40fd2c

For generating and passing dynamic hashes, merchant will receive a call on the method generateHash of PayUCheckoutProListener

Swift
Objective-C
Swift
func generateHash(for param: DictOfString, onCompletion: @escaping PayUHashGenerationCompletion)
Objective-C
- (void)generateHashFor:(NSDictionary<NSString *,NSString *> * _Nonnull)param onCompletion:(void (^ _Nonnull)(NSDictionary<NSString *,NSString *> * _Nonnull))onCompletion;

Here,

param -> Dictionary that contains key as HashConstant.hashName & HashConstant.hashString

onCompletion -> Once you fetch the hash from server, pass that hash with key as param[HashConstant.hashName]

The generateHash() method is called by the SDK each time it needs an individual hash. The HashConstant.hashName will contain the name of the specific hash requested in that call and the HashConstant.hashString will contain the data/string that needs to be hashed.

Getting Hash Data to calculate hash

Checkout Pro SDK will give a callback in generateHash() method whenever any hash is needed by it. Merchant need to calculate that hash and pass back to the SDK. Below is the process of doing so:

To extract hash string and hash name from dictionary received in generateHash() method, use below keys -

HashConstant.hashString -> This will contain complete hash string excluding salt. For eg, for vas for mobile sdk hash, hash string will contain “<key>|<command>|<var1>|”. Merchant can append their salt at end of hash string to calculate the hash.

HashConstant.hashName -> This will contain hash name.

Passing generated hash to SDK

Prepare a dictionary, where key should be param[HashConstant.hashName] and value should be generated hash value and pass this dictionary in onCompletion() method as below:

Swift
Objective-C
Swift
/// Use this function to provide hashes
/// - Parameters:
/// - param: Dictionary that contains key as HashConstant.hashName & HashConstant.hashString
/// - onCompletion: Once you fetch the hash from server, pass that hash with key as param[HashConstant.hashName]
func generateHash(for param: DictOfString, onCompletion: @escaping PayUHashGenerationCompletion) {
// Send this string to your backend and append the salt at the end and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server side
let hashStringWithoutSalt = param[HashConstant.hashString] ?? ""
// Or you can send below string hashName to your backend and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server side
let hashName = param[HashConstant.hashName] ?? ""
// Set the hash in below string which is fetched from your server
let hashFetchedFromServer = <#T##String#>
onCompletion([hashName : hashFetchedFromServer])
}
Objective-C
/// Use this function to provide hashes
/// @param param NSDictionary that contains key as HashConstant.hashName & HashConstant.hashString
/// @param onCompletion Once you fetch the hash from server, pass that hash with key as param[HashConstant.hashName]
- (void)generateHashFor:(NSDictionary<NSString *, NSString *> * _Nonnull)param onCompletion:(void (^ _Nonnull)(NSDictionary<NSString *, NSString *> * _Nonnull))onCompletion {
// Send below string hashStringWithoutSalt to your backend and append the salt at the end and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server side
NSString *hashStringWithoutSalt = [param objectForKey:HashConstant.hashString];
// Or you can send below string hashName to your backend and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server side
NSString * hashName = [param objectForKey:HashConstant.hashName];
// Set the hash in below string which is fetched from your server
NSString *hashFetchedFromServer = <#(NSString)#>;
NSDictionary *hashResponseDict = [NSDictionary dictionaryWithObjectsAndKeys:hashFetchedFromServer, hashName, nil];
onCompletion(hashResponseDict);
}