Set up the payment hashes
Always generate the hashes on your server. Do not generate the hashes locally in your app as it will compromise the security of the transactions.
The CheckoutPro SDK uses hashes to ensure security of the transaction and preventing any unauthorised intrusion or modification. The CheckoutPro SDK requires two types of hashes:
Static Hashes – These hashes can be incorporated in the app during integration and do not change between transactions
Dynamic Hashes – These hashes must be generated at runtime for each transaction and will vary based on the transaction parameters
These hashes can be passed in additional param when generating the payment params.
Below is list of static hashes used in Checkout Pro SDK
Hash Name | HashFormula | SampleValue | Hash = SHA512(SampleValue) |
payment_related_details_for_mobile_sdk | <key>|payment_related_details_for_mobile_sdk|<userCredential>|<salt> | 3TnMpV|payment_related_details_for_mobile_sdk|3TnMpV:[email protected]|g0nGFe03 | 13d6ea5fa3475ed915a7a76cdae62632392bd2ae26f6fb976b25c0841db2ee7a524f034501d26b3ef4e2c7065e10bbcc1bbb30e626eda690810d5e239185d96f |
vas_for_mobile_sdk | <key>|getEmiAmountAccordingToInterest|default|<salt> | 3TnMpV|vas_for_mobile_sdk|default|g0nGFe03 | 6a71a10f33e61ca88307b2e0f97d6ed94cc1a7daf7ba8883dda1bd1079ec3f8c526354e1f9b4ef0f59c90248d91c30fbb58971fcc291e0a7beddf7cc3783966b |
getEmiAmountAccordingToInterest | <key>|vas_for_mobile_sdk|<amount>|<salt> | 3TnMpV|getEmiAmountAccordingToInterest|80000|g0nGFe03 | 0f24a754c9ec07defd91ef510ce07aa7f0cb61d44413391efaa3f8c2e9d6a6df190c6d37e29a38a20a063563dfebbf02b3ec354b213ad231d21c08254dad3878 |
eligibleBinsForEMI | <key>|eligibleBinsForEMI|default|<salt> | 3TnMpV|eligibleBinsForEMI|default|g0nGFe03 | 8126f6523a90c5b313e2b7602e10331f3e57c1b49f8ceab6a59df4847896f0c4503a6e74ce0e627f3e57d90150cc4994ec115fb0aeec76bbe9d580c76f1da625 |
delete_user_card | <key>|delete_user_card|<userCredential>|<salt> | 3TnMpV|delete_user_card|3TnMpV:[email protected]|g0nGFe03 | b0f704d9a2d1e2fcd97344ace136eb07689fc28b04157b12ca0f1177174ad0b09b3ec89f1c35a2d07b016d88024fae06ef07b76d55a9ef1d1420933a4520867c |
For passing static hashes during integration, use below code:
paymentParam.additionalParam[HashConstant.paymentRelatedDetailForMobileSDK] = <#T##String#>paymentParam.additionalParam[HashConstant.vasForMobileSDK] = <#T##String#>paymentParam.additionalParam[HashConstant.payment] = <#T##String#>
paymentParam.additionalParam = [[NSDictionary alloc] initWithObjectsAndKeys:<#(NSString)#>, HashConstant.paymentRelatedDetailForMobileSDK,<#(NSString)#>, HashConstant.vasForMobileSDK,<#(NSString)#>, HashConstant.payment,nil];
Below is list of dynamic hashes used in Checkout Pro SDK
Hash Name | HashFormula | SampleValue | Hash = SHA512(SampleValue) |
check_isDomestic | <key>|check_isDomestic|<First6DigitOfCardNumber>|<salt> | 3TnMpV|check_isDomestic|512345|g0nGFe03 | f43bd495b110ebe63038bb8152b0083cb3bd227e9db8dab6d3fb8c2cb38c3fece787bba76adf755405b549f00b3264d996233ec02fce973f8ff24ba1e7751cbe |
get_eligible_payment_options | <key>|get_eligible_payment_options|<eligibleAPIJsonObj>|<salt> | 3TnMpV|get_eligible_payment_options|{"amount":"80000","txnid":"iOS201030155052","mobile_number":"9876543210","first_name":"Umang","bankCode":"OLAM","email":"[email protected]","last_name":""}|g0nGFe03 | c8aa94073a42a8ff1763976158674c74e22a6f18641456362b984a780539ab94fd3992ab490ab2d5230b17ead403f367328e008dfec3bd057b5aca9004c67afb |
validateVPA | <key>|validateVPA|<vpa>|<salt> | 3TnMpV|validateVPA|[email protected]|g0nGFe03 | 95c39566f3a5394b32edd218f9e823b6ee9df48443945d759f9f298122f965afc8588cd46bf71edcd6080eb2df3e33e5949f894b2631299185433b58414a471c |
payment | <key>|<txnid>|<amount>|<productinfo>|<firstname>|<email>|<udf1>|<udf2>|<udf3>|<udf4>|<udf5>||||||<salt> | 3TnMpV|iOS201030155052|80000|iPhone X|Umang|[email protected]|udf11|udf22|udf33|udf44|udf55||||||g0nGFe03 | 43a02dcc962931cdf706b72867bb7f1e2d1d634b5d2e537e28db6c7c6513b437bca743c0f63c6138e49d6e6178a144335bdc531d09e1ae2726e69a202d40fd2c |
For generating and passing dynamic hashes, merchant will receive a call on the method generateHash of PayUCheckoutProListener
func generateHash(for param: DictOfString, onCompletion: @escaping PayUHashGenerationCompletion)
- (void)generateHashFor:(NSDictionary<NSString *,NSString *> * _Nonnull)param onCompletion:(void (^ _Nonnull)(NSDictionary<NSString *,NSString *> * _Nonnull))onCompletion;
Here,
param -> Dictionary that contains key as HashConstant.hashName & HashConstant.hashString
onCompletion -> Once you fetch the hash from server, pass that hash with key as param[HashConstant.hashName]
The generateHash() method is called by the SDK each time it needs an individual hash. The HashConstant.hashName will contain the name of the specific hash requested in that call and the HashConstant.hashString will contain the data/string that needs to be hashed.
Checkout Pro SDK will give a callback in generateHash() method whenever any hash is needed by it. Merchant need to calculate that hash and pass back to the SDK. Below is the process of doing so:
To extract hash string and hash name from dictionary received in generateHash() method, use below keys -
HashConstant.hashString -> This will contain complete hash string excluding salt. For eg, for vas for mobile sdk hash, hash string will contain “<key>|<command>|<var1>|”. Merchant can append their salt at end of hash string to calculate the hash.
HashConstant.hashName -> This will contain hash name.
Prepare a dictionary, where key should be param[HashConstant.hashName] and value should be generated hash value and pass this dictionary in onCompletion() method as below:
/// Use this function to provide hashes/// - Parameters:/// - param: Dictionary that contains key as HashConstant.hashName & HashConstant.hashString/// - onCompletion: Once you fetch the hash from server, pass that hash with key as param[HashConstant.hashName]func generateHash(for param: DictOfString, onCompletion: @escaping PayUHashGenerationCompletion) {// Send this string to your backend and append the salt at the end and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server sidelet hashStringWithoutSalt = param[HashConstant.hashString] ?? ""// Or you can send below string hashName to your backend and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server sidelet hashName = param[HashConstant.hashName] ?? ""// Set the hash in below string which is fetched from your serverlet hashFetchedFromServer = <#T##String#>onCompletion([hashName : hashFetchedFromServer])}
/// Use this function to provide hashes/// @param param NSDictionary that contains key as HashConstant.hashName & HashConstant.hashString/// @param onCompletion Once you fetch the hash from server, pass that hash with key as param[HashConstant.hashName]- (void)generateHashFor:(NSDictionary<NSString *, NSString *> * _Nonnull)param onCompletion:(void (^ _Nonnull)(NSDictionary<NSString *, NSString *> * _Nonnull))onCompletion {// Send below string hashStringWithoutSalt to your backend and append the salt at the end and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server sideNSString *hashStringWithoutSalt = [param objectForKey:HashConstant.hashString];// Or you can send below string hashName to your backend and send the sha512 back to us, do not calculate the hash at your client side, for security is reasons, hash has to be calculated at the server sideNSString * hashName = [param objectForKey:HashConstant.hashName];// Set the hash in below string which is fetched from your serverNSString *hashFetchedFromServer = <#(NSString)#>;NSDictionary *hashResponseDict = [NSDictionary dictionaryWithObjectsAndKeys:hashFetchedFromServer, hashName, nil];onCompletion(hashResponseDict);}