helcim.com

Utilizing Amount Hashing for Helcim.js

Amount hashing is an optional security tool available when processing Purchase or Pre-Authorize transactions through Helcim.js. It is used to prevent the end-user from modifying the transaction amount through their web-browser or POST manipulation.

πŸ“˜

Amount Hashing when processing a Verify transaction

Amount hashing is not necessary when using Helcim.js to process a Verify transaction combined with the Process Purchase Transaction endpoint through the Payment API. This is because you control the amount sent to the Payment API endpoints from your website or applications secure back-end.

How does Amount Hashing work for Helcim.js?

After creating your Helcim.js Configuration, a Secret Key will be generated. This key should not be shared or made available to the end-user.

With Enforce Hashing enabled in your Helcim.js Configuration, we will compare the value passed in the amountHash input element, making sure that the output matches exactly with the expected hash for the transaction.

  • If the amountHash value is correct, then the transaction will be processed.
  • If the amountHash passed in your Helcim.js request does not match the hash that Helcim.js generated for the transaction, we will return an error response to you for the transaction.
// Example error response for incorrect hash
<message>
  <response>0</response>
  <responseMessage>Hash Amount Incorrect</responseMessage>
</message>

How to pass the amountHash for your transaction

When setting the amount field for Helcim.js, you should also set the amountHash field with the hashed value. This will allow Helcim.js to confirm that the amount received was in-fact set by the merchant and not modified by the customer.

You will need to hash your secret key and the transaction amount and pass this hash in a hidden HTML input field.

<input type="hidden" id="amountHash" value="HASH_VALUE">

How to create your amountHash

The amountHash value should be performed using an sha256 algorithm, and should be the secret key concatenated with the amount value of the transaction.

The amount value should be formatted as ####.##, with 2 decimal places and no comma separations. E.g. 1000.00.

πŸ“˜

Hashing specifications

  • Hash Method = sha256
  • hashAmount Value = secret_key + amount
<?php

	// SET VALUES
	$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG
	$amount = '2500.00';

	// ONE-WAY HASH
	$amountHash = hash('sha256',$secretKey.$amount);

?>

πŸ“˜

Hash Method = sha256

Value = secret_key + amount
Amount Format = #######.##

<?php

	// SET VALUES
	$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG
	$amount = '2500.00';

	// ONE-WAY HASH
	$amountHash = hash('sha256',$secretKey.$amount);

?>

Updated 2 days ago