Docs
Docs
Start typing to search…

Authentication Headers

To enhance security and ensure the integrity of content sent from the merchant to our payment gateway services, it is essential to include specific headers in each server request. For this, the SHA-256 algorithm is used in combination with HMAC and the private key, which will be provided by the support team. Below is a detailed description of how this process works.

Description of Headers to Add

  1. x-scrty-content-sha256: Applies a SHA-256 algorithm to the request body.
  2. x-scrty-date: Represents the current time in UTC (Coordinated Universal Time), expressed in Unix time. A margin of 5 minutes is allowed between the time in the header and the server time.
  3. Authorization: "scrty :" Followed by the HMAC calculation, as detailed below.

HMAC Calculation

The HMAC hash calculation process uses the SHA-256 algorithm. This calculation is performed on the concatenation of the following elements and the private key:

  • method|Content-Type|x-scrty-content-sha256|x-scrty-date

To further clarify the process, we provide source code in several popular programming languages. If you still have questions, please don’t hesitate to contact the support team.

using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text;

class Program
{
    static void Main()
    {
        // Fecha y hora automatizadas
        long date = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        
        // Clave HMAC
        string key = "XXXXXXXXXXXXXXXXXX";
       
        string transactionBody = "{\"jsonProperty1\": \"value1\", \"jsonProperty2\": \"value2\"}";
        string method = "POST";
        string contentDigest = GetSha256Hash(transactionBody);
        string contentType = "application/json";

        // Nombre del host sin HTTPS
        string host = "urldelendpoint";

        // Encabezados
        Dictionary<string, string> headers = new Dictionary<string, string>
        {
            {"Content-Type", contentType},
            {"Accept", "application/json"},
            {"x-scrty-content-sha256", contentDigest},
            {"x-scrty-date", date.ToString()},
            {"Authorization", "scrty :" + Convert.ToBase64String(HmacSha256(key, $"{method}|{contentType}|{contentDigest}|{date}"))}
        };

        // Solicitud HTTP
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://" + host );
        request.Method = method;
        request.ContentType = contentType;

        foreach (var header in headers)
        {
            request.Headers.Add(header.Key, header.Value);
        }

        using (StreamWriter streamWriter = new StreamWriter(request.GetRequestStream()))
        {
            streamWriter.Write(transactionBody);
            streamWriter.Flush();
            streamWriter.Close();
        }

        // Respuesta HTTP
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        using (StreamReader streamReader = new StreamReader(response.GetResponseStream()))
        {
            Console.WriteLine(streamReader.ReadToEnd());
        }
    }

    static string GetSha256Hash(string input)
    {
        using (var sha256 = SHA256.Create())
        {
            byte[] hashBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(input));
            StringSe adjuntan un Builder sb = new StringBuilder();

            foreach (byte b in hashBytes)
            {
                sb.Append(b.ToString("x2"));
            }

            return sb.ToString();
        }
    }

    static byte[] HmacSha256(string key, string data)
    {
        using (HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(key)))
        {
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(data));
        }
    }
}
import hashlib
import hmac
import base64
import json
import requests
from datetime import datetime

def main():
    # Fecha y hora automatizadas
    date_scrty = int(datetime.utcnow().timestamp())

    # Clave HMAC
    key = "XXXXXXXXXXXXXXXXXX"

    transaction_body = {"jsonProperty1": "value1", "jsonProperty2": "value2"}
    method = "POST"
    content_digest = get_sha256_hash(json.dumps(transaction_body))
    content_type = "application/json"

    # URL del endpoint
    host = "urldelendpoint"

    # Encabezados
    headers = {
        "Content-Type": content_type,
        "Accept": "application/json",
        "x-scrty-content-sha256": content_digest,
        "x-scrty-date": str(date_scrty),
        "Authorization": f"scrty : {base64.b64encode(hmac_sha256(key, f'{method}|{content_type}|{content_digest}|{date_scrty}').digest()).decode()}"
    }

    # Solicitud HTTP
    response = requests.post(f"https://{host}", headers=headers, json=transaction_body)

    # Imprimir respuesta HTTP
    print(response.text)

def get_sha256_hash(input_string):
    sha256 = hashlib.sha256()
    sha256.update(input_string.encode("utf-8"))
    return sha256.hexdigest()

def hmac_sha256(key, data):
    return hmac.new(key.encode("utf-8"), data.encode("utf-8"), hashlib.sha256)

if __name__ == "__main__":
    main()

Updated 3 months ago