HelcimPay.js Validation
This reference details the steps for validating the transaction processed through HelcimPay.js.
To ensure the integrity of the transaction response, it can be validated by comparing the hash generated from combining the response data and the secret token, to the hash received in a successful HelcimPay transaction response.
The hash from the response is created by first JSON encoding the transaction response data, then appending it with the secret token received during HelcimPay.js Initialization request, and finally, generating a secure and unique hash using the SHA-256 algorithm.
The hash value returned from your validate function should match the hash value returned in the transaction response from HelcimPay.
Example response data:
data: {
"transactionId": "20163175",
"dateCreated": "2023-07-17 10:34:35",
"cardBatchId": "2915466",
"status": "APPROVED",
"type": "purchase",
"amount": "15.45",
"currency": "CAD",
"avsResponse": "X",
"cvvResponse": "",
"approvalCode": "T3E5ST",
"cardToken": "27128ae9440a0b47e2a068",
"cardNumber": "4000000028",
"cardHolderName": "Test",
"customerCode": "CST1049",
"invoiceNumber": "INV001045",
"warning": ""
},
hash: "dbcb570cca52c38d597941adbed03f01be78c43cba89048722925b2f168226a9"
Example hash implementation:
$secretToken = 'sample-secret';
$jsonEncodedData = '{
"transactionId": "20163175",
"dateCreated": "2023-07-17 10:34:35",
"cardBatchId": "2915466",
"status": "APPROVED",
"type": "purchase",
"amount": "15.45",
"currency": "CAD",
"avsResponse": "X",
"cvvResponse": "",
"approvalCode": "T3E5ST",
"cardToken": "27128ae9440a0b47e2a068",
"cardNumber": "4000000028",
"cardHolderName": "Test",
"customerCode": "CST1049",
"invoiceNumber": "INV001045",
"warning": ""
}';
$cleanedJsonEncodedData = json_encode(json_decode($jsonEncodedData, true));
hash('sha256', $cleanedJsonEncodedData . $secretToken); // dbcb570cca52c38d597941adbed03f01be78c43cba89048722925b2f168226a9
Updated 3 days ago