Dusupay
Search…
Signature Verification
In addition to the header,webhook-hash when calling back, there's another header with the name,dusupay-signature and this is to help merchants trust that the callbacks originate from the DusuPay servers. Signature verification can be done with the following procedure;
  1. 1.
    Retrieve the value of the dusupay-signature header.
  2. 2.
    Form the string payload to be used in signature verification. This is obtained by concatenating values of the callback data in the format that follows id:internal_reference:transaction_status:callback_url where callback_url is the full URL as added to your merchant account settings. The other values are obtained from the callback data. e.g. assume the following is the callback data
    1
    {
    2
    "id": 226,
    3
    "request_amount": 10,
    4
    "request_currency": "USD",
    5
    "account_amount": 737.9934,
    6
    "account_currency": "UGX",
    7
    "transaction_fee": 21.4018,
    8
    "total_credit": 716.5916,
    9
    "customer_charged": false,
    10
    "provider_id": "mtn_ug",
    11
    "merchant_reference": "76859aae-f148-48c5-9901-2e474cf19b71",
    12
    "internal_reference": "DUSUPAY405GZM1G5JXGA71IK",
    13
    "transaction_status": "COMPLETED",
    14
    "transaction_type": "collection",
    15
    "message": "Transaction Completed Successfully"
    16
    }
    Copied!
    and that the callback URL is https://www.sample-url.com/callback The string payload would therefore be 226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.sample-url.com/callback
  3. 3.
    Obtain the public key as described here and store it as a file.
  4. 4.
    Use the public key to verify the signature as described in the example source codes below;

Signature Verification Code Samples

NodeJS
PHP
1
const crypto = require('crypto');
2
const fs = require('fs');
3
4
function isValidSignature() {
5
const strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.sample-url.com/callback";
6
const signature = "value-of-dusupay-signature";
7
const publicKeyFile = "path-to-file/dusupay.public.key.pem";
8
const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');
9
10
const verify = crypto.createVerify("SHA512");
11
verify.write(strPayload);
12
verify.end();
13
14
/*true or false*/
15
return verify.verify(publicKey, signature, 'base64');
16
}
Copied!
1
<?php
2
3
public function isValidSignature() {
4
$file = "path-to-file/dusupay.public.key.pem";
5
$keyContent = file_get_contents($file);
6
$publicKey = openssl_get_publickey($keyContent);
7
$strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.sample-url.com/callback";
8
$signature = base64_decode("value-of-dusupay-signature");
9
10
/*true or false*/
11
return openssl_verify($strPayload, $signature, $publicKey, "sha512") == 1;
12
}
13
14
?>
Copied!
Last modified 7mo ago
Copy link