SSL, security and hashing
Helcim.js greatly reduces your scope of security and compliance by establishing a secure connection between the cardholder's web browser and our Helcim API.
In test mode, an SSL certificate is not required to be present on your checkout page. However, you need to tell Helcim.js to skip the SSL verification by creating an input field with id=test value=1.
In production mode, Helcim.js will verify that an SSL certificate is present, or return an error.
Hashing of the amount value
Amount hashing is an optional security tool available with Helcim.js. It is used to prevent the end-user from modifying the transaction amount through their web browser or POST manipulation:
- When enabled in your configuration, a secret hash key is created. This key should not be shared or made available to the end-user.
- When setting the amount field, you should also set the amountHash field with the hashed value. This will allow Helcim.js to confirm that the amount received was in fact set by the merchant and not modified by the customer.
- Helcim.js will hash the amount field with the secret key of your Helcim.js configuration, and make sure that the output matches exactly with the received amountHash value.
- The hash should be computed using sha256, and its input should be the secret key concatenated with the amount value.
- The amount value should be formatted as #######.## with 2 decimal places and no comma separators.
- If the hashes do not match and Hashing is enforced, Helcim.js will return an error.
Hash Method = sha256
Value = secret_key concatenation with amount
Amount Format = #######.##
<?php
// SET VALUES
$secretKey = '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587'; // FOUND IN YOUR CONFIG
$amount = '2500.00';

// ONE-WAY HASH
$amountHash = hash('sha256', $secretKey.$amount);
?>
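The hashing steps above, carried through as an added example (not Helcim's own code): the amount is formatted from integer cents on the server, hashed with the secret key, and a local stand-in for the comparison shows which received values would no longer match. `HELCIM_JS_SECRET`, the function names and the order total are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Helcim's code. HELCIM_JS_SECRET is an assumed variable
// name; the fallback is the sample key printed on this page so the demo runs.
$secretKey = getenv('HELCIM_JS_SECRET') ?: '13dbdeadcde3e5f7b7dc5bf7041850a5660e0587';

/** Format integer cents as #######.## (2 decimals, no comma separators). */
function formatAmount(int $cents): string
{
    if ($cents < 0) {
        throw new InvalidArgumentException('amount must not be negative');
    }
    return sprintf('%d.%02d', intdiv($cents, 100), $cents % 100);
}

/** sha256 of the secret key concatenated with the formatted amount. */
function amountHash(string $secretKey, string $amount): string
{
    return hash('sha256', $secretKey . $amount);
}

/** Local stand-in (hypothetical) for the comparison the page describes. */
function hashMatches(string $secretKey, string $amount, string $received): bool
{
    return hash_equals(amountHash($secretKey, $amount), $received);
}

// Take the total from the server-side order record (constructed value here),
// never from a request field the browser could have changed.
$amount = formatAmount(250000);
$amountHash = amountHash($secretKey, $amount);

// Only these two values are written into the checkout page; the key is not.
printf("amount=%s\namountHash=%s\n", $amount, $amountHash);

// Constructed received values checked against the hash issued above.
$received = [
    'unchanged'        => $amount,
    'amount edited'    => '25.00',
    'comma separator'  => '2,500.00',
    'missing decimals' => '2500',
];
foreach ($received as $label => $value) {
    $ok = hashMatches($secretKey, $value, $amountHash);
    printf("%-17s %-9s %s\n", $label, $value, $ok ? 'match' : 'mismatch');
}
```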