PaymentIntent
The PaymentIntent object contains payment data. To ensure that this payment data is not tampered with (e.g. a customer amends the amount to be smaller), the PaymentIntent
requires a HMAC verification
field to be conducted in your backend using your Pay Now secret.
PaymentIntent
is used in the following methods.
Attribute | Type | Description |
---|---|---|
payment.amount | number | Amount in subunit (non-decimal) |
payment.currency | string | ISO-4217 country codes |
payment.reference | string | Reference or invoice number for the payment transaction/ |
payment.hide_card_holder | boolean | Determines if the "Card Holder" field should be shown on the page or not. If this is included and true, it must be appended to the end of the verification hash. See "Verification Value Hash Calculation" below for more details. |
verification | string | For payments: Hash of amount, reference, currency. For verifyCard verifyCard: Hash of card_token See Verification Value Hash Calculation below for more details on how to calculate this value. |
{
payment: {
amount: 10025,
currency: "AUD",
reference: "INV1121"
},
verification: "xxxxxx"
}
Verification Value Hash Calculation
The Verification Value Hash should only ever be calculated on your backend server, and never in client-side code.
This is because your Pay Now token is a secret value that only you should know. Calculating the Verification Value Hash on the client-side (e.g. in client-side Javascript) would make your Pay Now token secret visible to public via browser developer tools.
Below is pseudo code demonstrating how the verification hash is calculated using a PayNow token. The Pay Now token can be obtained from the Fat Zebra Merchant Dashboard.
VerifyCard
Please make sure that the hash calculation is only the shared_secret, card token
shared_secret = "abc123" # Also known as your Pay Now token
card_token = "xyc12ce" # FatZebra issued token representing a debit or credit card
verification = hmac_md5(shared_secret, card_token)
# Expected value: 8cf7e7d50664d118c41a70b1ba22d916
Payments
Please make sure that reference (invoice #), amount (subunit) and currency are in the correct order as shown:
shared_secret = "abc123" # Also known as your Pay Now token
invoice_no = "INV4567" # Also known as reference
amount = "1000"
currency = "AUD"
hide_card_holder = true
hmac = HMAC::MD5.new(shared_secret)
data = [invoice_no, amount, currency]
data << [hide_card_holder] if hide_card_holder
# Data will be:
# INV4567:1000:AUD:true
verification = hmac_md5(shared_secret, data.join(":"))
# Expected value: c045c96c113ae660b91b60bd09feda20
# Hash will be 0a40877ca9f75152f27bf093af7fd44b if hide_card_holder is false
Updated about 2 months ago