Amount Hashing

Amount hashing is an optional security tool available with Helcim.js. It is used to prevent the end-user from modifying the transaction amount through their web-browser or POST manipulation:

  • When enabled in your configuration, a secret Hash key is created. This key should not be shared or made available to the end-user.
  • When setting the amount field, you should also set the amountHash field with the hashed value. This will allow Helcim.js to confirm that the amount received was in-fact set by the merchant and not modified by the customer.
  • Helcim.js will hash the amount field with the secret key of your Helcim.js configuration, and make sure that the output matches exactly with the received amountHash value.
  • The hash should be performed using sha256, and should be the secret key concatenated with the amount value.
  • The amount value should be formatted as #######.## with 2 decimal places and no comma separations.
  • If the hashes do not match and Hashing is enforced in your Helcim.js Configuration, Helcim.js will return an error.

📘

Hashing specifications

Hash Method = sha256
Value = secret_key + amount
Amount Format = #######.##

<?php

	// SET VALUES
	$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG
	$amount = '2500.00';

	// ONE-WAY HASH
	$amountHash = hash('sha256',$secretKey.$amount);

?>