Utilizing amount hashing for Helcim.js
Amount hashing is an optional security tool available when processing Purchase or Pre-Authorize transactions through Helcim.js. It is used to prevent the end-user from modifying the transaction amount through their web-browser or POST manipulation.
Amount hashing when processing a Verify transaction
Amount hashing is not necessary when using Helcim.js to process a Verify transaction combined with the Process Purchase Transaction endpoint through the Payment API. This is because you control the amount sent to the Payment API endpoints from your website or applications secure back-end.
How does amount hashing work for Helcim.js?
After creating your Helcim.js Configuration, a Secret Key will be generated. This key should not be shared or made available to the end-user.
With Enforce Hashing enabled in your Helcim.js Configuration, we will compare the value passed in the amountHash
input element, making sure that the output matches exactly with the expected hash for the transaction.
- If the
amountHash
value is correct, then the transaction will be processed. - If the
amountHash
passed in your Helcim.js request does not match the hash that Helcim.js generated for the transaction, we will return an error response to you for the transaction.
// Example error response for incorrect hash
<message>
<response>0</response>
<responseMessage>Hash Amount Incorrect</responseMessage>
</message>
How to pass the amountHash
for your transaction
amountHash
for your transactionWhen setting the amount
field for Helcim.js, you should also set the amountHash
field with the hashed value. This will allow Helcim.js to confirm that the amount received was in-fact set by the merchant and not modified by the customer.
You will need to hash your secret key and the transaction amount and pass this hash in a hidden HTML input field.
<input type="hidden" id="amountHash" value="HASH_VALUE">
How to create your amountHash
amountHash
The amountHash
value should be performed using an sha256 algorithm, and should be the secret key concatenated with the amount value of the transaction.
The amount value should be formatted as ####.##
, with 2 decimal places and no comma separations. E.g. 1000.00.
Hashing specifications
- Hash Method = sha256
hashAmount
Value =secret_key
+amount
<?php
// SET VALUES
$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG
$amount = '2500.00';
// ONE-WAY HASH
$amountHash = hash('sha256',$secretKey.$amount);
?>
Hash method = sha256
Value =
secret_key
+amount
Amount Format = #######.##
<?php
// SET VALUES
$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG
$amount = '2500.00';
// ONE-WAY HASH
$amountHash = hash('sha256',$secretKey.$amount);
?>
Updated 19 days ago