Dusupay
Dusupay
Introduction
GETTING STARTED
Gateway Portal
Pre-Integration
RECEIVING MONEY
Collections
SENDING MONEY
Payouts
APPENDIX
Webhooks
Signature Verification
Webhook Trigger
Payment Options
Supported Countries/Regions
Currency Limits
Transaction status codes
Refunds
Testing
Account Balance
Mobile Money Operator Prefix
FAQ's
Webhook hash
Callbacks
Provider ID
Payouts
FNB Bank South Africa
Alidropship
Powered by GitBook

Signature Verification

In addition to the header,webhook-hash when calling back, there's another header with the name,dusupay-signature and this is to help merchants trust that the callbacks originate from the DusuPay servers. Signature verification can be done with the following procedure;

  1. Retrieve the value of the dusupay-signature header.

  2. Form the string payload to be used in signature verification. This is obtained by concatenating values of the callback data in the format that follows id:internal_reference:transaction_status:callback_url where callback_url is the full URL as added to your merchant account settings. The other values are obtained from the callback data. e.g. assume the following is the callback data 

    {
        "id": 226,
        "request_amount": 10,
        "request_currency": "USD",
        "account_amount": 737.9934,
        "account_currency": "UGX",
        "transaction_fee": 21.4018,
        "total_credit": 716.5916,
        "customer_charged": false,
        "provider_id": "mtn_ug",
        "merchant_reference": "76859aae-f148-48c5-9901-2e474cf19b71",
        "internal_reference": "DUSUPAY405GZM1G5JXGA71IK",
        "transaction_status": "COMPLETED",
        "transaction_type": "collection",
        "message": "Transaction Completed Successfully"
    }

    and that the callback URL is https://www.sample-url.com/callback The string payload would therefore be 226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.sample-url.com/callback

  3. Obtain the public key as described here and store it as a file.

  4. Use the public key to verify the signature as described in the example source codes below;

Signature Verification Code Samples

NodeJS
PHP
NodeJS
const crypto = require('crypto');
const fs = require('fs');
function isValidSignature() {
    const strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.sample-url.com/callback";
    const signature = "value-of-dusupay-signature";
    const publicKeyFile = "path-to-file/dusupay.public.key.pem";
    const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');
    const verify = crypto.createVerify("SHA512");
    verify.write(strPayload);
    verify.end();
    /*true or false*/
    return verify.verify(publicKey, signature, 'base64');
}
PHP
<?php
public function isValidSignature() {
    $file = "path-to-file/dusupay.public.key.pem";
    $keyContent = file_get_contents($file);
    $publicKey = openssl_get_publickey($keyContent);
    $strPayload = "226:DUSUPAY405GZM1G5JXGA71IK:COMPLETED:https://www.sample-url.com/callback";
    $signature = base64_decode("value-of-dusupay-signature");
    /*true or false*/
    return openssl_verify($strPayload, $signature, $publicKey) == 1;
}
?>
APPENDIX - Previous
Webhooks
Next
Webhook Trigger
Last updated 2 months ago