Token Signature

This page to learn how to generate signature for authorization token

To generate signature for Authorization token, partners must follow this formula

Token Signature Formula = SHA256withRSA(<private_key>, minify(<request_body>)

`<request_body>`

Key	Value
requestId	Random UUID
requestTime	Epoch time
type	value is must TYPE_GENERATE_TOKEN
body	Object
merchantId	Your merchantId
webview	To show web url or OpenAPI
additionalInfo	leave as empty string

Key

Value

requestId

Random UUID

requestTime

Epoch time

type

value is must TYPE_GENERATE_TOKEN

body

Object

merchantId

Your merchantId

webview

To show web url or OpenAPI

additionalInfo

leave as empty string

Sample <request_body>

Notes :

Please make sure the JSON key and value order is correct like this sample :

{
    "requestId": "ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775",
    "requestTime": 1865907223554,
    "type": "TYPE_GENERATE_TOKEN",
    "body": {
        "merchantId": "M_YDXabcd1",
        "webview": true,
        "additionalInfo": ""
    }
}

    private String generateXSignature(String requestPrivateKey, String minifyJsonBody) {
        try {
            byte[] privateKeyBytes = java.util.Base64.getDecoder().decode(requestPrivateKey);
            java.security.Signature sigClient = java.security.Signature.getInstance("SHA256WithRSA");
            java.security.spec.PKCS8EncodedKeySpec keySpec = new java.security.spec.PKCS8EncodedKeySpec(privateKeyBytes);
            java.security.KeyFactory kf = java.security.KeyFactory.getInstance("RSA");
            java.security.PrivateKey privateKey = kf.generatePrivate(keySpec);

            sigClient.initSign(privateKey);
            sigClient.update(minifyJsonBody.getBytes(StandardCharsets.UTF_8));
            byte[] signatureClient = sigClient.sign();

            return java.util.Base64.getEncoder().encodeToString(signatureClient);
        } catch (Exception e) {
            return null;
        }
    }

    // sample method
    public void generate(){
        final String privateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCI4yKrJ0b7L54UDW5raqctBu21aWdPh+tqHgmHRiiAg3wnhvDzTJJMk9UCa7IKMt95X6zoQHC/Dj3pBgP2DwLj7O3ldE1umSR7N89d+xbPk6X2mmjtdTS2/G6rBUNMh9LiZ9oFdSup7CFJmimM5m17PY7Cr+PtOZ2VThmnqET4OfO/TuOlXmNJd8bnuHdy3VNFZCEUSBV01ItADWEyt8UVHRNFdl9zoBNCKJN/F8DhsEOINDt8ekWd7+J2uz6vJqwBV3jYw41ZMMSmSJUncoH9pd1A7plf+Xd6TZFQE2Gs8RMo6buIjxSUeRMI93LFYbdUPeftk3WMTi8DVGFPCCyPAgMBAAECggEAXxHA5jWlKpbrpumdIqUz7iW9uhy2T5oKeezamUS0pGytMZaaiZ9IjD6v1bqOMF8creMw5yy6ITb28HvpDF9olnvazV102bcqixk7v/2+3fOhdB/Rd/nK3rt68PP6xZAfena+CMRTyvPgOooDCYSPzOP33mbiWcOGGkffsX1ASVSRP8gcrHW9n607/0E4xaTsFCPKlGeoi9kKzcUmOMbqg7r/DAufeFu7RrM5kVkOBI2rSOPc4KcirbecHoVOL5/5m/769kBwdVyjLGUxbpOjJlMX/ud54Qfp4i4Fj+oWsxraNg4TxKNrAMvthR66hLGJ0gEMJZmT4x6g2jOi+wxDoQKBgQDNQ1+bOykUNV+UpfFPCg1P0E8trb8D49pDTwDgLn1n8SdukdvamHIepzpPwzVwSISTxMdMm9n+QDvbNm61eprzsRG4S2E2vQu2FFq0izpZAKAp6bzagljJ1TrGiNx5WdYs5NG4tTuP/VZivQBaARJsnZUheJt1f1HZ/Gg5ex8tiwKBgQCquRNSScDOAHuo85HLHkqAztNPXpqLPGw9JkGCIWxnBkbYEaal3DgJVZRAEEe8zXqy8ZKm0JXSN2CByJTRFG34omKlGSo8kfJ6tcnNsOlAWjHT5+bYwfIO491cnn7uGYwq2yQU/P8QY58+p9JK8I/py+dC69BUHsoj4z0SnrUljQKBgQCmmf2amB0SevO2Si4fMhB17KSndbNpa+H26cPTMci1ueWAeEDTHxLZUHAi11Wjaii5a2k8A++ezvIGThrzj6z/CIRSalRgQnaj9cddbPgRz1EwU7fmPw/j2f8Xr3QLxt/wllSmr+rFRyF7iN4lL2ON5yVpAmRjrNB5tsW9ifJXWwKBgCWvCIbHZNmT3bfjW7EcFJHuFVKVrUNCqRmuUhNpUUZEamrTKpe9zlixHTIu5cbVDFpnXFmZ/RgTxSegoMit28BgB6otrdcE2CMh8VOH01SzFACUVa5O0SFcRsZk7ducpAXprUM8vQhfFQ19ebu08e9HZNqutqN60F+vjxGHGrEZAoGAYFXY4qzMOLPIbJztbL6mnVB2Ntg8+8Jvz0YGe4s2ye2ol7vNZ4d0DE7P4Z66EPTJovpmvpjw5XT1RuK4CrNXvoJ4oxBdm3yF9BhobDxO5L5pWaWThxzNH8W61JwisUwDl5IbRRjwPovt5NXHZ/E/fUQ96jjt4NGftOcceD/ggKA=";
        final String minifiedJsonBody = "{\"requestId\":\"ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775\",\"requestTime\":1865907223554,\"type\":\"TYPE_GENERATE_TOKEN\",\"body\":{\"merchantId\":\"M_YDXabcd1\",\"webview\":true,\"additionalInfo\":\"\"}}";
        final String signature = generateXSignature(privateKey, minifiedJsonBody);
        System.out.println("result : " + signature);
        // The output value will be
        // ATM9SRY1PHy3EcV1o0YPul7a4ZRWF500dJmtm+K10U148bKQAOLZiHINNu+UVX5tzEiWHjChYgFg2JKdEemYdvjcVEu1QqNm9SC/3oR6VUNwaF+IYthPgkrhDADhevwVoYCbCeGlQxCoWxdSoT7Wd1ACLoA0Ho53AlR8qHfDYc4Gqey1dKR6ePJbPnBk9x4XIGgOtY4zU3VM8u+LaQmVrSZ8D867izJLPA7tjV3sn2NbMOzM4I+V5Z4JXUZI5r72hwBiw0qE+/V35UEjZBF/5VRcACPCEHENZ5shy/ukuwbNzYdfnrmGJclzbHE+LcGF0iMFApYM0Ieci912W8AO+w==

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

func generateSignatureToken(strPrivateKey string, data string) string {
	decode, err := base64.StdEncoding.DecodeString(strPrivateKey)
	parsePrivate, err := x509.ParsePKCS8PrivateKey(decode)
	privateKey := parsePrivate.(*rsa.PrivateKey)
	shaNew := crypto.SHA256.New()
	shaNew.Write([]byte(data))
	hashSum := shaNew.Sum(nil)

	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashSum)
	if err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(signature)
}

func main() {
	privateKey := "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCI4yKrJ0b7L54UDW5raqctBu21aWdPh+tqHgmHRiiAg3wnhvDzTJJMk9UCa7IKMt95X6zoQHC/Dj3pBgP2DwLj7O3ldE1umSR7N89d+xbPk6X2mmjtdTS2/G6rBUNMh9LiZ9oFdSup7CFJmimM5m17PY7Cr+PtOZ2VThmnqET4OfO/TuOlXmNJd8bnuHdy3VNFZCEUSBV01ItADWEyt8UVHRNFdl9zoBNCKJN/F8DhsEOINDt8ekWd7+J2uz6vJqwBV3jYw41ZMMSmSJUncoH9pd1A7plf+Xd6TZFQE2Gs8RMo6buIjxSUeRMI93LFYbdUPeftk3WMTi8DVGFPCCyPAgMBAAECggEAXxHA5jWlKpbrpumdIqUz7iW9uhy2T5oKeezamUS0pGytMZaaiZ9IjD6v1bqOMF8creMw5yy6ITb28HvpDF9olnvazV102bcqixk7v/2+3fOhdB/Rd/nK3rt68PP6xZAfena+CMRTyvPgOooDCYSPzOP33mbiWcOGGkffsX1ASVSRP8gcrHW9n607/0E4xaTsFCPKlGeoi9kKzcUmOMbqg7r/DAufeFu7RrM5kVkOBI2rSOPc4KcirbecHoVOL5/5m/769kBwdVyjLGUxbpOjJlMX/ud54Qfp4i4Fj+oWsxraNg4TxKNrAMvthR66hLGJ0gEMJZmT4x6g2jOi+wxDoQKBgQDNQ1+bOykUNV+UpfFPCg1P0E8trb8D49pDTwDgLn1n8SdukdvamHIepzpPwzVwSISTxMdMm9n+QDvbNm61eprzsRG4S2E2vQu2FFq0izpZAKAp6bzagljJ1TrGiNx5WdYs5NG4tTuP/VZivQBaARJsnZUheJt1f1HZ/Gg5ex8tiwKBgQCquRNSScDOAHuo85HLHkqAztNPXpqLPGw9JkGCIWxnBkbYEaal3DgJVZRAEEe8zXqy8ZKm0JXSN2CByJTRFG34omKlGSo8kfJ6tcnNsOlAWjHT5+bYwfIO491cnn7uGYwq2yQU/P8QY58+p9JK8I/py+dC69BUHsoj4z0SnrUljQKBgQCmmf2amB0SevO2Si4fMhB17KSndbNpa+H26cPTMci1ueWAeEDTHxLZUHAi11Wjaii5a2k8A++ezvIGThrzj6z/CIRSalRgQnaj9cddbPgRz1EwU7fmPw/j2f8Xr3QLxt/wllSmr+rFRyF7iN4lL2ON5yVpAmRjrNB5tsW9ifJXWwKBgCWvCIbHZNmT3bfjW7EcFJHuFVKVrUNCqRmuUhNpUUZEamrTKpe9zlixHTIu5cbVDFpnXFmZ/RgTxSegoMit28BgB6otrdcE2CMh8VOH01SzFACUVa5O0SFcRsZk7ducpAXprUM8vQhfFQ19ebu08e9HZNqutqN60F+vjxGHGrEZAoGAYFXY4qzMOLPIbJztbL6mnVB2Ntg8+8Jvz0YGe4s2ye2ol7vNZ4d0DE7P4Z66EPTJovpmvpjw5XT1RuK4CrNXvoJ4oxBdm3yF9BhobDxO5L5pWaWThxzNH8W61JwisUwDl5IbRRjwPovt5NXHZ/E/fUQ96jjt4NGftOcceD/ggKA="
	dataJson := "{\"requestId\":\"ed3f6763-b1bd-40e3-aecb-ddaa2c3a9775\",\"requestTime\":1865907223554,\"type\":\"TYPE_GENERATE_TOKEN\",\"body\":{\"merchantId\":\"M_YDXabcd1\",\"webview\":true,\"additionalInfo\":\"\"}}"
	signatureToken := generateSignatureToken(privateKey, dataJson)
	fmt.Println("signatureToken =", signatureToken)
	//output = ATM9SRY1PHy3EcV1o0YPul7a4ZRWF500dJmtm+K10U148bKQAOLZiHINNu+UVX5tzEiWHjChYgFg2JKdEemYdvjcVEu1QqNm9SC/3oR6VUNwaF+IYthPgkrhDADhevwVoYCbCeGlQxCoWxdSoT7Wd1ACLoA0Ho53AlR8qHfDYc4Gqey1dKR6ePJbPnBk9x4XIGgOtY4zU3VM8u+LaQmVrSZ8D867izJLPA7tjV3sn2NbMOzM4I+V5Z4JXUZI5r72hwBiw0qE+/V35UEjZBF/5VRcACPCEHENZ5shy/ukuwbNzYdfnrmGJclzbHE+LcGF0iMFApYM0Ieci912W8AO+w==
}

PreviousAPI Reference NextAuthentication Token

Last updated 1 month ago