- Technical connection requires the store to have an account registered on the BilderlingsPay website. The information required for connection: the endpoints for the test and live environments to send data to; the user name and password for the merchant panel, where you can keep track of payments and their status; the store ID and the private key used to sign requests.
- All requests are signed with authentication tokens generated with SHA-512 and encoded as a hexadecimal digest. The principles behind it are described in RFC 4634 and on the Wikipedia page.
- The authentication algorithm is implemented as follows:

1. All requests are digitally signed.
2. The digital signature is transmitted using the POST method.
3. The form must contain:

| Header | Description |
|---|---|
| X-Shop-Name | Shop code, assigned during profile registration and sent to the merchant in a separate document |
| X-Nonce | Random symbols that are used in generating the signature and must be unique for each request. Length must be between 5 and 32 symbols |
| X-Request-Signature | Signature of the request (hex-encoded SHA-512 digest) |

4. Signature algorithm (SHA-512 is a hash function, not encryption): `EncodeHex(SHA-512(input))`, where

`input = <field1>...<fieldN><X-Nonce><ShopPassword>`

- `<fieldN>` – value of the fields used to generate the signature. The list of fields can differ between payment processing steps.
- `<ShopPassword>` – secret key of the shop, assigned during account registration and sent to the merchant in a separate document.

- Validation of authentication is performed when the request is received.
Authentication signature example
- Consider the following element values:

| Key | Value Example |
|---|---|
| "X-Shop-Name" | "TEST SHOP" |
| "X-Nonce" | "WhjhjTTYYYYooooo" |
| `<ShopPassword>` | "secretpassword123" |
| `<order_id>` | "Order-123" |
| `<amount>` | "210.99" |
| `<currency>` | "USD" |
| `<payment_method>` | "FD_SMS" |

- And the required fields for signing are
- Then the input string would be `Order-123210.99USDFD_SMSTEST SHOPWhjhjTTYYYYooooosecretpassword123`,
- and the signature computed with SHA-512:
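
The signing scheme described above, written out as an added Python example; it is not BilderlingsPay code. It builds the input string from the page's sample values, computes the hex SHA-512 digest, and shows a receiver-side check. Assumptions: the signed field order (with the shop name last) is taken from the example input string, the string is UTF-8 encoded before hashing, and the `Verifier` class with its in-memory nonce store is hypothetical.

```python
import hashlib
import hmac

# Values from the page's worked example; the field order follows its input string.
EXAMPLE_FIELDS = ["Order-123", "210.99", "USD", "FD_SMS", "TEST SHOP"]
EXAMPLE_NONCE = "WhjhjTTYYYYooooo"
EXAMPLE_PASSWORD = "secretpassword123"

def build_input(fields, nonce, shop_password):
    """Concatenate the signed field values, then X-Nonce, then ShopPassword."""
    if not 5 <= len(nonce) <= 32:
        raise ValueError("X-Nonce must be between 5 and 32 symbols")
    return "".join(fields) + nonce + shop_password

def sign(fields, nonce, shop_password):
    """EncodeHex(SHA-512(input)); UTF-8 encoding is an assumption."""
    data = build_input(fields, nonce, shop_password).encode("utf-8")
    return hashlib.sha512(data).hexdigest()

class Verifier:
    """Hypothetical receiver-side check: recompute, compare, reject reused nonces."""

    def __init__(self, shop_password):
        self.shop_password = shop_password
        self.seen_nonces = set()

    def verify(self, fields, headers):
        nonce = headers.get("X-Nonce", "")
        claimed = headers.get("X-Request-Signature", "")
        try:
            expected = sign(fields, nonce, self.shop_password)
        except ValueError:
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), claimed.lower().encode()):
            return False
        if nonce in self.seen_nonces:  # a valid signature replayed with an old nonce
            return False
        self.seen_nonces.add(nonce)
        return True

if __name__ == "__main__":
    headers = {"X-Shop-Name": "TEST SHOP", "X-Nonce": EXAMPLE_NONCE,
               "X-Request-Signature": sign(EXAMPLE_FIELDS, EXAMPLE_NONCE, EXAMPLE_PASSWORD)}
    v = Verifier(EXAMPLE_PASSWORD)
    print(build_input(EXAMPLE_FIELDS, EXAMPLE_NONCE, EXAMPLE_PASSWORD))
    print(headers["X-Request-Signature"])
    print(v.verify(EXAMPLE_FIELDS, headers), v.verify(EXAMPLE_FIELDS, headers))
```

Run as a script, it prints the input string, the 128-character signature, and `True False`: the second verification fails because the nonce has already been used.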