Amount hashing is an optional security tool available with Helcim.js. It is used to prevent the end-user from modifying the transaction amount through their web-browser or POST manipulation:
- When enabled in your configuration, a secret Hash key is created. This key should not be shared or made available to the end-user.
- When setting the amount field, you should also set the
amountHashfield with the hashed value. This will allow Helcim.js to confirm that the amount received was in-fact set by the merchant and not modified by the customer.
- Helcim.js will hash the amount field with the secret key of your Helcim.js configuration, and make sure that the output matches exactly with the received
- The hash should be performed using sha256, and should be the secret key concatenated with the amount value.
- The amount value should be formatted as #######.## with 2 decimal places and no comma separations.
- If the hashes do not match and Hashing is enforced in your Helcim.js Configuration, Helcim.js will return an error.
Hash Method = sha256
Amount Format = #######.##
<?php // SET VALUES $secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG $amount = '2500.00'; // ONE-WAY HASH $amountHash = hash('sha256',$secretKey.$amount); ?>
Updated 3 months ago