Signing

For security purposes, we require ALL IOTPay API requests to be signed.

This sign should be included as part of each API request.

Signature algorithm

Example: var ex_body= { "c":"cat", "a":"apple", "b":"boat", "d":""};

Remove all keys with empty values in copied body object

ex_body= { "c":"cat", "a":"apple", "b":"boat"};

Sort resulting body by key in ascending lexicographic order

ex_body= {"a":"apple" "b":"boat", "c":"cat"};

Concatenate resulting body into new string in URL parameter format "key1=value1&key2=value2"

mystr="a=apple&b=boat&c=cat"

Append your merchant key (assigned to you by IOTPay during onboarding) "&key={your_merchant_key}" to the end of mystr

mystr+="&key={your_merchant_key}"

MD5 hash mystr, then convert hash result into all UPPERCASE. This is your sign

sign = toUpper(md5(mystr));

Attach sign value to original request body

ex_body.sign = sign; // you can now send the signed request

// ex_body before sending request
{"a":"apple", "b":"boat", "c":"cat", "sign": "DAC619FA1BC9526EBDA688A9DC842B7A"};

You may need to perform an addition step if you meet ALL of the following conditions:

You have completed steps 1-6 and are still getting sign validation error
subject is present in request and is non-empty
subject contains non UTF8 encoded characters
If all of the following apply, you should url encode the contents of subject and overwrite the original value; as below:
ex_body.subject = url_encode(ex_body.subject);

Repeat step 7 for body field

Info

Skip this step if and only if the endpoint is for creditCard

After verifying that the sign value, json_encode the json object and concatenate with param =

params={"a":"apple", "b":"boat", "c":"cat", "sign": "DAC619FA1BC9526EBDA688A9DC842B7A"}

Send the request with the header Content-Type: application/x-www-form-urlencoded