Skip to content

Signkey

This is the public key for signed data. The callback will be sent by us and it will not change. If this happens, every participant will be immediately informed.

Get current key for signing callbacks

w/o authorization

GET- /signkey (1)

  1. Sandbox server (uses test data)
    https://api.sandbox.payerly.tech/v1/signkey
    Production server (uses live data)
    https://api.payerly.tech/v1/signkey

Code samples

package main
import (
    "crypto"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/base64"
    "encoding/pem"
    "fmt"
)

const PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
MIIBI.....................................QAB
-----END PUBLIC KEY-----`

func PubKey() *rsa.PublicKey {
    block, _ := pem.Decode([]byte(PUBLIC_KEY))
    key, _ := x509.ParsePKIXPublicKey(block.Bytes)

    return key.(*rsa.PublicKey)
}

func Verify(pubKey *rsa.PublicKey, message string, signature []byte) bool {
    hashed := sha256.Sum256([]byte(message))

    err := rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, hashed[:], signature)
    return err == nil
}

func main() {
    pubKey := PubKey()

    message := `{"type":"PAYMENT","object":{"paymentId":"p-5......................................ption":"No error."}}`
    sign := `hP6PKb3xu..............hm86oaGpUA==`

    signature, _ := base64.StdEncoding.DecodeString(sign)
    fmt.Println("Verify:", Verify(pubKey, message, signature))
}

<?php
$data = file_get_contents('php://input');
$sign = $_SERVER['HTTP_SIGNATURE'];

$fp = fopen("/tmp/test_sign_verify_ex", "a+");
fwrite($fp, $sign . "\n\n");
fwrite($fp, $data . "\n\n");

$url = "https://{API_URL}/signkey";
$arrContextOptions = ["ssl" => ["verify_peer" => false, "verify_peer_name" => false]];
$res = json_decode(file_get_contents($url, false, stream_context_create($arrContextOptions)), true);

$pub_key = openssl_pkey_get_public($res['pem']);
if ($pub_key) {
    $result = openssl_verify($data, base64_decode($sign), $pub_key, OPENSSL_ALGO_SHA256);
    if ($result == 1)
        $msg = "Signature OK\n";
    elseif ($result == 0)
        $msg = "Signature verification failed\n";
    else
        $msg = "Error verifying signature\n";
}

fwrite($fp, $msg);
?>
RESPONSE HEADERS:
Parameter Type Description
Date string(date-time) The Date header indicates the server time.
RESPONSE SCHEMA: application/json
Parameter Type Description
jwk string Public key (JWK)
pem string Public key (PEM)
alg string Sign algorithm
200 
  {
      "jwk": "string",
      "pem": "string",
      "alg": "string"
  }
default 
  {
    "error": {
      "code": 65535,
      "description": "string",
      "traceId": "string",
      "details": [
        {
          "value": "string",
          "description": "string",
          "fields": [
            {
              "name": "string",
              "type": "string",
              "value": "string"
            }
          ]
        }
      ]      
    }
  }