Amount Hashing
Amount hashing is an optional security tool available with Helcim.js. It is used to prevent the end-user from modifying the transaction amount through their web-browser or POST manipulation:
- When enabled in your configuration, a secret Hash key is created. This key should not be shared or made available to the end-user.
- When setting the amount field, you should also set the
amountHash
field with the hashed value. This will allow Helcim.js to confirm that the amount received was in-fact set by the merchant and not modified by the customer. - Helcim.js will hash the amount field with the secret key of your Helcim.js configuration, and make sure that the output matches exactly with the received
amountHash
value. - The hash should be performed using sha256, and should be the secret key concatenated with the amount value.
- The amount value should be formatted as #######.## with 2 decimal places and no comma separations.
- If the hashes do not match and Hashing is enforced in your Helcim.js Configuration, Helcim.js will return an error.
Hashing specifications
Hash Method = sha256
Value =secret_key
+amount
Amount Format = #######.##
<?php
// SET VALUES
$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR HELCIM.JS CONFIG
$amount = '2500.00';
// ONE-WAY HASH
$amountHash = hash('sha256',$secretKey.$amount);
?>
Updated 3 months ago