Token Signature

This page to learn how to generate signature for authorization token

To generate signature for Authorization token, partners must follow this formula

Token Signature Formula = SHA256withRSA(<private_key>, minify(<request_body>)

`<request_body>`

Key

Value

requestId

Random UUID

requestTime

Epoch time

type

value is must TYPE_GENERATE_TOKEN

body

Object

merchantId

Your merchantId

webview

To show web url or OpenAPI

additionalInfo

leave as empty string

Sample <request_body>

Notes :

Please make sure the JSON key and value order is correct like this sample :

{
    "requestId": "ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775",
    "requestTime": 1865907223554,
    "type": "TYPE_GENERATE_TOKEN",
    "body": {
        "merchantId": "M_YDXabcd1",
        "webview": true,
        "additionalInfo": ""
    }
}

    private String generateXSignature(String requestPrivateKey, String minifyJsonBody) {
        try {
            byte[] privateKeyBytes = java.util.Base64.getDecoder().decode(requestPrivateKey);
            java.security.Signature sigClient = java.security.Signature.getInstance("SHA256WithRSA");
            java.security.spec.PKCS8EncodedKeySpec keySpec = new java.security.spec.PKCS8EncodedKeySpec(privateKeyBytes);
            java.security.KeyFactory kf = java.security.KeyFactory.getInstance("RSA");
            java.security.PrivateKey privateKey = kf.generatePrivate(keySpec);

            sigClient.initSign(privateKey);
            sigClient.update(minifyJsonBody.getBytes(StandardCharsets.UTF_8));
            byte[] signatureClient = sigClient.sign();

            return java.util.Base64.getEncoder().encodeToString(signatureClient);
        } catch (Exception e) {
            return null;
        }
    }

    // sample method
    public void generate(){
        final String privateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCI4yKrJ0b7L54UDW5raqctBu21aWdPh+tqHgmHRiiAg3wnhvDzTJJMk9UCa7IKMt95X6zoQHC/Dj3pBgP2DwLj7O3ldE1umSR7N89d+xbPk6X2mmjtdTS2/G6rBUNMh9LiZ9oFdSup7CFJmimM5m17PY7Cr+PtOZ2VThmnqET4OfO/TuOlXmNJd8bnuHdy3VNFZCEUSBV01ItADWEyt8UVHRNFdl9zoBNCKJN/F8DhsEOINDt8ekWd7+J2uz6vJqwBV3jYw41ZMMSmSJUncoH9pd1A7plf+Xd6TZFQE2Gs8RMo6buIjxSUeRMI93LFYbdUPeftk3WMTi8DVGFPCCyPAgMBAAECggEAXxHA5jWlKpbrpumdIqUz7iW9uhy2T5oKeezamUS0pGytMZaaiZ9IjD6v1bqOMF8creMw5yy6ITb28HvpDF9olnvazV102bcqixk7v/2+3fOhdB/Rd/nK3rt68PP6xZAfena+CMRTyvPgOooDCYSPzOP33mbiWcOGGkffsX1ASVSRP8gcrHW9n607/0E4xaTsFCPKlGeoi9kKzcUmOMbqg7r/DAufeFu7RrM5kVkOBI2rSOPc4KcirbecHoVOL5/5m/769kBwdVyjLGUxbpOjJlMX/ud54Qfp4i4Fj+oWsxraNg4TxKNrAMvthR66hLGJ0gEMJZmT4x6g2jOi+wxDoQKBgQDNQ1+bOykUNV+UpfFPCg1P0E8trb8D49pDTwDgLn1n8SdukdvamHIepzpPwzVwSISTxMdMm9n+QDvbNm61eprzsRG4S2E2vQu2FFq0izpZAKAp6bzagljJ1TrGiNx5WdYs5NG4tTuP/VZivQBaARJsnZUheJt1f1HZ/Gg5ex8tiwKBgQCquRNSScDOAHuo85HLHkqAztNPXpqLPGw9JkGCIWxnBkbYEaal3DgJVZRAEEe8zXqy8ZKm0JXSN2CByJTRFG34omKlGSo8kfJ6tcnNsOlAWjHT5+bYwfIO491cnn7uGYwq2yQU/P8QY58+p9JK8I/py+dC69BUHsoj4z0SnrUljQKBgQCmmf2amB0SevO2Si4fMhB17KSndbNpa+H26cPTMci1ueWAeEDTHxLZUHAi11Wjaii5a2k8A++ezvIGThrzj6z/CIRSalRgQnaj9cddbPgRz1EwU7fmPw/j2f8Xr3QLxt/wllSmr+rFRyF7iN4lL2ON5yVpAmRjrNB5tsW9ifJXWwKBgCWvCIbHZNmT3bfjW7EcFJHuFVKVrUNCqRmuUhNpUUZEamrTKpe9zlixHTIu5cbVDFpnXFmZ/RgTxSegoMit28BgB6otrdcE2CMh8VOH01SzFACUVa5O0SFcRsZk7ducpAXprUM8vQhfFQ19ebu08e9HZNqutqN60F+vjxGHGrEZAoGAYFXY4qzMOLPIbJztbL6mnVB2Ntg8+8Jvz0YGe4s2ye2ol7vNZ4d0DE7P4Z66EPTJovpmvpjw5XT1RuK4CrNXvoJ4oxBdm3yF9BhobDxO5L5pWaWThxzNH8W61JwisUwDl5IbRRjwPovt5NXHZ/E/fUQ96jjt4NGftOcceD/ggKA=";
        final String minifiedJsonBody = "{\"requestId\":\"ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775\",\"requestTime\":1865907223554,\"type\":\"TYPE_GENERATE_TOKEN\",\"body\":{\"merchantId\":\"M_YDXabcd1\",\"webview\":true,\"additionalInfo\":\"\"}}";
        final String signature = generateXSignature(privateKey, minifiedJsonBody);
        System.out.println("result : " + signature);
        // The output value will be
        // ATM9SRY1PHy3EcV1o0YPul7a4ZRWF500dJmtm+K10U148bKQAOLZiHINNu+UVX5tzEiWHjChYgFg2JKdEemYdvjcVEu1QqNm9SC/3oR6VUNwaF+IYthPgkrhDADhevwVoYCbCeGlQxCoWxdSoT7Wd1ACLoA0Ho53AlR8qHfDYc4Gqey1dKR6ePJbPnBk9x4XIGgOtY4zU3VM8u+LaQmVrSZ8D867izJLPA7tjV3sn2NbMOzM4I+V5Z4JXUZI5r72hwBiw0qE+/V35UEjZBF/5VRcACPCEHENZ5shy/ukuwbNzYdfnrmGJclzbHE+LcGF0iMFApYM0Ieci912W8AO+w==

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

func generateSignatureToken(strPrivateKey string, data string) string {
	decode, err := base64.StdEncoding.DecodeString(strPrivateKey)
	parsePrivate, err := x509.ParsePKCS8PrivateKey(decode)
	privateKey := parsePrivate.(*rsa.PrivateKey)
	shaNew := crypto.SHA256.New()
	shaNew.Write([]byte(data))
	hashSum := shaNew.Sum(nil)

	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashSum)
	if err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(signature)
}

func main() {
	privateKey := "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCI4yKrJ0b7L54UDW5raqctBu21aWdPh+tqHgmHRiiAg3wnhvDzTJJMk9UCa7IKMt95X6zoQHC/Dj3pBgP2DwLj7O3ldE1umSR7N89d+xbPk6X2mmjtdTS2/G6rBUNMh9LiZ9oFdSup7CFJmimM5m17PY7Cr+PtOZ2VThmnqET4OfO/TuOlXmNJd8bnuHdy3VNFZCEUSBV01ItADWEyt8UVHRNFdl9zoBNCKJN/F8DhsEOINDt8ekWd7+J2uz6vJqwBV3jYw41ZMMSmSJUncoH9pd1A7plf+Xd6TZFQE2Gs8RMo6buIjxSUeRMI93LFYbdUPeftk3WMTi8DVGFPCCyPAgMBAAECggEAXxHA5jWlKpbrpumdIqUz7iW9uhy2T5oKeezamUS0pGytMZaaiZ9IjD6v1bqOMF8creMw5yy6ITb28HvpDF9olnvazV102bcqixk7v/2+3fOhdB/Rd/nK3rt68PP6xZAfena+CMRTyvPgOooDCYSPzOP33mbiWcOGGkffsX1ASVSRP8gcrHW9n607/0E4xaTsFCPKlGeoi9kKzcUmOMbqg7r/DAufeFu7RrM5kVkOBI2rSOPc4KcirbecHoVOL5/5m/769kBwdVyjLGUxbpOjJlMX/ud54Qfp4i4Fj+oWsxraNg4TxKNrAMvthR66hLGJ0gEMJZmT4x6g2jOi+wxDoQKBgQDNQ1+bOykUNV+UpfFPCg1P0E8trb8D49pDTwDgLn1n8SdukdvamHIepzpPwzVwSISTxMdMm9n+QDvbNm61eprzsRG4S2E2vQu2FFq0izpZAKAp6bzagljJ1TrGiNx5WdYs5NG4tTuP/VZivQBaARJsnZUheJt1f1HZ/Gg5ex8tiwKBgQCquRNSScDOAHuo85HLHkqAztNPXpqLPGw9JkGCIWxnBkbYEaal3DgJVZRAEEe8zXqy8ZKm0JXSN2CByJTRFG34omKlGSo8kfJ6tcnNsOlAWjHT5+bYwfIO491cnn7uGYwq2yQU/P8QY58+p9JK8I/py+dC69BUHsoj4z0SnrUljQKBgQCmmf2amB0SevO2Si4fMhB17KSndbNpa+H26cPTMci1ueWAeEDTHxLZUHAi11Wjaii5a2k8A++ezvIGThrzj6z/CIRSalRgQnaj9cddbPgRz1EwU7fmPw/j2f8Xr3QLxt/wllSmr+rFRyF7iN4lL2ON5yVpAmRjrNB5tsW9ifJXWwKBgCWvCIbHZNmT3bfjW7EcFJHuFVKVrUNCqRmuUhNpUUZEamrTKpe9zlixHTIu5cbVDFpnXFmZ/RgTxSegoMit28BgB6otrdcE2CMh8VOH01SzFACUVa5O0SFcRsZk7ducpAXprUM8vQhfFQ19ebu08e9HZNqutqN60F+vjxGHGrEZAoGAYFXY4qzMOLPIbJztbL6mnVB2Ntg8+8Jvz0YGe4s2ye2ol7vNZ4d0DE7P4Z66EPTJovpmvpjw5XT1RuK4CrNXvoJ4oxBdm3yF9BhobDxO5L5pWaWThxzNH8W61JwisUwDl5IbRRjwPovt5NXHZ/E/fUQ96jjt4NGftOcceD/ggKA="
	dataJson := "{\"requestId\":\"ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775\",\"requestTime\":1865907223554,\"type\":\"TYPE_GENERATE_TOKEN\",\"body\":{\"merchantId\":\"M_YDXabcd1\",\"webview\":true,\"additionalInfo\":\"\"}}"
	signatureToken := generateSignatureToken(privateKey, dataJson)
	fmt.Println("signatureToken =", signatureToken)
	//output = ATM9SRY1PHy3EcV1o0YPul7a4ZRWF500dJmtm+K10U148bKQAOLZiHINNu+UVX5tzEiWHjChYgFg2JKdEemYdvjcVEu1QqNm9SC/3oR6VUNwaF+IYthPgkrhDADhevwVoYCbCeGlQxCoWxdSoT7Wd1ACLoA0Ho53AlR8qHfDYc4Gqey1dKR6ePJbPnBk9x4XIGgOtY4zU3VM8u+LaQmVrSZ8D867izJLPA7tjV3sn2NbMOzM4I+V5Z4JXUZI5r72hwBiw0qE+/V35UEjZBF/5VRcACPCEHENZ5shy/ukuwbNzYdfnrmGJclzbHE+LcGF0iMFApYM0Ieci912W8AO+w==
}

PreviousAPI Reference NextAuthentication Token

Last updated 9 months ago

{ "requestId": "ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775", "requestTime": 1865907223554, "type": "TYPE_GENERATE_TOKEN", "body": { "merchantId": "M_YDXabcd1", "webview": true, "additionalInfo": "" } }

private String generateXSignature(String requestPrivateKey, String minifyJsonBody) { try { byte[] privateKeyBytes = java.util.Base64.getDecoder().decode(requestPrivateKey); java.security.Signature sigClient = java.security.Signature.getInstance("SHA256WithRSA"); java.security.spec.PKCS8EncodedKeySpec keySpec = new java.security.spec.PKCS8EncodedKeySpec(privateKeyBytes); java.security.KeyFactory kf = java.security.KeyFactory.getInstance("RSA"); java.security.PrivateKey privateKey = kf.generatePrivate(keySpec); sigClient.initSign(privateKey); sigClient.update(minifyJsonBody.getBytes(StandardCharsets.UTF_8)); byte[] signatureClient = sigClient.sign(); return java.util.Base64.getEncoder().encodeToString(signatureClient); } catch (Exception e) { return null; } } // sample method public void generate(){ final String privateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCI4yKrJ0b7L54UDW5raqctBu21aWdPh+tqHgmHRiiAg3wnhvDzTJJMk9UCa7IKMt95X6zoQHC/Dj3pBgP2DwLj7O3ldE1umSR7N89d+xbPk6X2mmjtdTS2/G6rBUNMh9LiZ9oFdSup7CFJmimM5m17PY7Cr+PtOZ2VThmnqET4OfO/TuOlXmNJd8bnuHdy3VNFZCEUSBV01ItADWEyt8UVHRNFdl9zoBNCKJN/F8DhsEOINDt8ekWd7+J2uz6vJqwBV3jYw41ZMMSmSJUncoH9pd1A7plf+Xd6TZFQE2Gs8RMo6buIjxSUeRMI93LFYbdUPeftk3WMTi8DVGFPCCyPAgMBAAECggEAXxHA5jWlKpbrpumdIqUz7iW9uhy2T5oKeezamUS0pGytMZaaiZ9IjD6v1bqOMF8creMw5yy6ITb28HvpDF9olnvazV102bcqixk7v/2+3fOhdB/Rd/nK3rt68PP6xZAfena+CMRTyvPgOooDCYSPzOP33mbiWcOGGkffsX1ASVSRP8gcrHW9n607/0E4xaTsFCPKlGeoi9kKzcUmOMbqg7r/DAufeFu7RrM5kVkOBI2rSOPc4KcirbecHoVOL5/5m/769kBwdVyjLGUxbpOjJlMX/ud54Qfp4i4Fj+oWsxraNg4TxKNrAMvthR66hLGJ0gEMJZmT4x6g2jOi+wxDoQKBgQDNQ1+bOykUNV+UpfFPCg1P0E8trb8D49pDTwDgLn1n8SdukdvamHIepzpPwzVwSISTxMdMm9n+QDvbNm61eprzsRG4S2E2vQu2FFq0izpZAKAp6bzagljJ1TrGiNx5WdYs5NG4tTuP/VZivQBaARJsnZUheJt1f1HZ/Gg5ex8tiwKBgQCquRNSScDOAHuo85HLHkqAztNPXpqLPGw9JkGCIWxnBkbYEaal3DgJVZRAEEe8zXqy8ZKm0JXSN2CByJTRFG34omKlGSo8kfJ6tcnNsOlAWjHT5+bYwfIO491cnn7uGYwq2yQU/P8QY58+p9JK8I/py+dC69BUHsoj4z0SnrUljQKBgQCmmf2amB0SevO2Si4fMhB17KSndbNpa+H26cPTMci1ueWAeEDTHxLZUHAi11Wjaii5a2k8A++ezvIGThrzj6z/CIRSalRgQnaj9cddbPgRz1EwU7fmPw/j2f8Xr3QLxt/wllSmr+rFRyF7iN4lL2ON5yVpAmRjrNB5tsW9ifJXWwKBgCWvCIbHZNmT3bfjW7EcFJHuFVKVrUNCqRmuUhNpUUZEamrTKpe9zlixHTIu5cbVDFpnXFmZ/RgTxSegoMit28BgB6otrdcE2CMh8VOH01SzFACUVa5O0SFcRsZk7ducpAXprUM8vQhfFQ19ebu08e9HZNqutqN60F+vjxGHGrEZAoGAYFXY4qzMOLPIbJztbL6mnVB2Ntg8+8Jvz0YGe4s2ye2ol7vNZ4d0DE7P4Z66EPTJovpmvpjw5XT1RuK4CrNXvoJ4oxBdm3yF9BhobDxO5L5pWaWThxzNH8W61JwisUwDl5IbRRjwPovt5NXHZ/E/fUQ96jjt4NGftOcceD/ggKA="; final String minifiedJsonBody = "{\"requestId\":\"ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775\",\"requestTime\":1865907223554,\"type\":\"TYPE_GENERATE_TOKEN\",\"body\":{\"merchantId\":\"M_YDXabcd1\",\"webview\":true,\"additionalInfo\":\"\"}}"; final String signature = generateXSignature(privateKey, minifiedJsonBody); System.out.println("result : " + signature); // The output value will be // ATM9SRY1PHy3EcV1o0YPul7a4ZRWF500dJmtm+K10U148bKQAOLZiHINNu+UVX5tzEiWHjChYgFg2JKdEemYdvjcVEu1QqNm9SC/3oR6VUNwaF+IYthPgkrhDADhevwVoYCbCeGlQxCoWxdSoT7Wd1ACLoA0Ho53AlR8qHfDYc4Gqey1dKR6ePJbPnBk9x4XIGgOtY4zU3VM8u+LaQmVrSZ8D867izJLPA7tjV3sn2NbMOzM4I+V5Z4JXUZI5r72hwBiw0qE+/V35UEjZBF/5VRcACPCEHENZ5shy/ukuwbNzYdfnrmGJclzbHE+LcGF0iMFApYM0Ieci912W8AO+w==

import ( "crypto" "crypto/hmac" "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/x509" "encoding/base64" "encoding/hex" "fmt" ) func generateSignatureToken(strPrivateKey string, data string) string { decode, err := base64.StdEncoding.DecodeString(strPrivateKey) parsePrivate, err := x509.ParsePKCS8PrivateKey(decode) privateKey := parsePrivate.(*rsa.PrivateKey) shaNew := crypto.SHA256.New() shaNew.Write([]byte(data)) hashSum := shaNew.Sum(nil) signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashSum) if err != nil { panic(err) } return base64.StdEncoding.EncodeToString(signature) } func main() { privateKey := "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCI4yKrJ0b7L54UDW5raqctBu21aWdPh+tqHgmHRiiAg3wnhvDzTJJMk9UCa7IKMt95X6zoQHC/Dj3pBgP2DwLj7O3ldE1umSR7N89d+xbPk6X2mmjtdTS2/G6rBUNMh9LiZ9oFdSup7CFJmimM5m17PY7Cr+PtOZ2VThmnqET4OfO/TuOlXmNJd8bnuHdy3VNFZCEUSBV01ItADWEyt8UVHRNFdl9zoBNCKJN/F8DhsEOINDt8ekWd7+J2uz6vJqwBV3jYw41ZMMSmSJUncoH9pd1A7plf+Xd6TZFQE2Gs8RMo6buIjxSUeRMI93LFYbdUPeftk3WMTi8DVGFPCCyPAgMBAAECggEAXxHA5jWlKpbrpumdIqUz7iW9uhy2T5oKeezamUS0pGytMZaaiZ9IjD6v1bqOMF8creMw5yy6ITb28HvpDF9olnvazV102bcqixk7v/2+3fOhdB/Rd/nK3rt68PP6xZAfena+CMRTyvPgOooDCYSPzOP33mbiWcOGGkffsX1ASVSRP8gcrHW9n607/0E4xaTsFCPKlGeoi9kKzcUmOMbqg7r/DAufeFu7RrM5kVkOBI2rSOPc4KcirbecHoVOL5/5m/769kBwdVyjLGUxbpOjJlMX/ud54Qfp4i4Fj+oWsxraNg4TxKNrAMvthR66hLGJ0gEMJZmT4x6g2jOi+wxDoQKBgQDNQ1+bOykUNV+UpfFPCg1P0E8trb8D49pDTwDgLn1n8SdukdvamHIepzpPwzVwSISTxMdMm9n+QDvbNm61eprzsRG4S2E2vQu2FFq0izpZAKAp6bzagljJ1TrGiNx5WdYs5NG4tTuP/VZivQBaARJsnZUheJt1f1HZ/Gg5ex8tiwKBgQCquRNSScDOAHuo85HLHkqAztNPXpqLPGw9JkGCIWxnBkbYEaal3DgJVZRAEEe8zXqy8ZKm0JXSN2CByJTRFG34omKlGSo8kfJ6tcnNsOlAWjHT5+bYwfIO491cnn7uGYwq2yQU/P8QY58+p9JK8I/py+dC69BUHsoj4z0SnrUljQKBgQCmmf2amB0SevO2Si4fMhB17KSndbNpa+H26cPTMci1ueWAeEDTHxLZUHAi11Wjaii5a2k8A++ezvIGThrzj6z/CIRSalRgQnaj9cddbPgRz1EwU7fmPw/j2f8Xr3QLxt/wllSmr+rFRyF7iN4lL2ON5yVpAmRjrNB5tsW9ifJXWwKBgCWvCIbHZNmT3bfjW7EcFJHuFVKVrUNCqRmuUhNpUUZEamrTKpe9zlixHTIu5cbVDFpnXFmZ/RgTxSegoMit28BgB6otrdcE2CMh8VOH01SzFACUVa5O0SFcRsZk7ducpAXprUM8vQhfFQ19ebu08e9HZNqutqN60F+vjxGHGrEZAoGAYFXY4qzMOLPIbJztbL6mnVB2Ntg8+8Jvz0YGe4s2ye2ol7vNZ4d0DE7P4Z66EPTJovpmvpjw5XT1RuK4CrNXvoJ4oxBdm3yF9BhobDxO5L5pWaWThxzNH8W61JwisUwDl5IbRRjwPovt5NXHZ/E/fUQ96jjt4NGftOcceD/ggKA=" dataJson := "{\"requestId\":\"ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775\",\"requestTime\":1865907223554,\"type\":\"TYPE_GENERATE_TOKEN\",\"body\":{\"merchantId\":\"M_YDXabcd1\",\"webview\":true,\"additionalInfo\":\"\"}}" signatureToken := generateSignatureToken(privateKey, dataJson) fmt.Println("signatureToken =", signatureToken) //output = ATM9SRY1PHy3EcV1o0YPul7a4ZRWF500dJmtm+K10U148bKQAOLZiHINNu+UVX5tzEiWHjChYgFg2JKdEemYdvjcVEu1QqNm9SC/3oR6VUNwaF+IYthPgkrhDADhevwVoYCbCeGlQxCoWxdSoT7Wd1ACLoA0Ho53AlR8qHfDYc4Gqey1dKR6ePJbPnBk9x4XIGgOtY4zU3VM8u+LaQmVrSZ8D867izJLPA7tjV3sn2NbMOzM4I+V5Z4JXUZI5r72hwBiw0qE+/V35UEjZBF/5VRcACPCEHENZ5shy/ukuwbNzYdfnrmGJclzbHE+LcGF0iMFApYM0Ieci912W8AO+w== }