• Technical integration requires the store to have an account registered on the BilderlingsPay website. The following information is required to connect: the endpoints for the test and live environments to which data is sent; the user name and password for the merchant panel, where you can track payments and their status; and the store ID and its private key, used to sign requests.
  • All requests are signed with authentication tokens generated with SHA-512 and encoded as a hexadecimal digest. The principles behind it can be found in RFC 4634 and on the Wikipedia page.
  • The authentication algorithm is implemented as follows:
  • 1. All requests are digitally signed.
  • 2. The digital signature is transmitted using the POST method.
  • 3. The form must contain:
    Header               Description
    X-Shop-Name          Shop code, assigned during profile registration and sent to the merchant in a separate document
    X-Nonce              Random characters used in computing the signature; must be unique for each request. Length must be between 5 and 32 characters
    X-Request-Signature  Signature of the request (hex-encoded SHA-512 digest)
  • 4. Signature algorithm: EncodeHex(SHA-512(input)), where
    input = <field1>...<fieldN><X-Nonce><ShopPassword>
    <fieldN> – values of the fields used to generate the signature. The list of fields may differ between payment processing steps.
    <ShopPassword> – the shop's secret key, assigned during account registration and sent to the merchant in a separate document
  • Authentication is validated when the request is received.
Authentication signature example
  • Consider the following element values:
  • Key               Value Example
    "X-Shop-Name"     "TEST SHOP"
    "X-Nonce"         "WhjhjTTYYYYooooo"
    <ShopPassword>    "secretpassword123"
    <order_id>        "Order-123"
    <amount>          "210.99"
    <currency>        "USD"
    <payment_method>  "FD_SMS"
  • And the required fields for signing are
  • Then the input string would be Order-123210.99USDFD_SMSTEST SHOPWhjhjTTYYYYooooosecretpassword123,
  • and the signature computed with SHA-512:
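
The signing scheme above, worked through in Python with the example values from this page, together with a receiver-side check. This is an added example, not BilderlingsPay's own code. Assumptions: the field order is taken from the example input string, the input is UTF-8 encoded, the hex digest is lowercase, and the receiver tracks used nonces in a set (`seen_nonces` and the function names are hypothetical).

```python
import hashlib
import hmac

NONCE_MIN, NONCE_MAX = 5, 32  # X-Nonce length limits from the header table


def build_input(fields, nonce, shop_password):
    """Concatenate <field1>...<fieldN><X-Nonce><ShopPassword> with no separators."""
    if not NONCE_MIN <= len(nonce) <= NONCE_MAX:
        raise ValueError("X-Nonce must be between 5 and 32 characters")
    return "".join(fields) + nonce + shop_password


def sign(fields, nonce, shop_password):
    """EncodeHex(SHA-512(input)); UTF-8 and lowercase hex are assumptions."""
    data = build_input(fields, nonce, shop_password).encode("utf-8")
    return hashlib.sha512(data).hexdigest()  # 128 hex characters


def verify(fields, nonce, shop_password, received_signature, seen_nonces):
    """Receiver side: reject a reused nonce, then compare in constant time."""
    if nonce in seen_nonces:
        return False  # the nonce must be unique for each request
    expected = sign(fields, nonce, shop_password).encode("ascii")
    received = received_signature.lower().encode("utf-8")
    if not hmac.compare_digest(expected, received):
        return False
    seen_nonces.add(nonce)  # remember the nonce only after a valid signature
    return True


# Values from the example table on this page; the order follows the page's
# example input string (order_id, amount, currency, payment_method, shop name).
FIELDS = ["Order-123", "210.99", "USD", "FD_SMS", "TEST SHOP"]
NONCE = "WhjhjTTYYYYooooo"
SHOP_PASSWORD = "secretpassword123"

if __name__ == "__main__":
    signature = sign(FIELDS, NONCE, SHOP_PASSWORD)
    headers = {
        "X-Shop-Name": "TEST SHOP",
        "X-Nonce": NONCE,
        "X-Request-Signature": signature,
    }
    print(build_input(FIELDS, NONCE, SHOP_PASSWORD))
    print(headers)
    print(verify(FIELDS, NONCE, SHOP_PASSWORD, signature, set()))
```

Running the block prints the input string, the three headers for the example request, and the result of verifying them.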