PaymentIntent

The PaymentIntent object contains payment data. To ensure that this payment data is not tampered with (e.g. a customer amends the amount to be smaller), the PaymentIntent requires a HMAC verification field to be conducted in your backend using your Pay Now secret.

PaymentIntent is used in the following methods.

• load
• verifyCard

{
  payment: {
    amount: 10025,
    currency: "AUD",
    reference: "INV1121"
  },
  verification: "xxxxxx"
}

Verification Value Hash Calculation

❗️

The Verification Value Hash should only ever be calculated on your backend server, and never in client-side code.

This is because your Pay Now token is a secret value that only you should know. Calculating the Verification Value Hash on the client-side (e.g. in client-side Javascript) would make your Pay Now token secret visible to public via browser developer tools.

Below is pseudo code demonstrating how the verification hash is calculated using a PayNow token. The Pay Now token can be obtained from the Fat Zebra Merchant Dashboard.

VerifyCard

Please make sure that the hash calculation is only the shared_secret, card token

shared_secret = "abc123" # Also known as your Pay Now token
card_token = "xyc12ce" # FatZebra issued token representing a debit or credit card

verification = hmac_md5(shared_secret, card_token)
# Expected value: 8cf7e7d50664d118c41a70b1ba22d916

Payments

Please make sure that reference (invoice #), amount (subunit) and currency are in the correct order as shown:

shared_secret = "abc123" # Also known as your Pay Now token

invoice_no = "INV4567" # Also known as reference
amount = "1000"
currency = "AUD"
hide_card_holder = true

hmac = HMAC::MD5.new(shared_secret)
data = [invoice_no, amount, currency]
data << [hide_card_holder] if hide_card_holder

# Data will be:
# INV4567:1000:AUD:true
verification = hmac_md5(shared_secret, data.join(":"))
# Expected value: c045c96c113ae660b91b60bd09feda20
# Hash will be 0a40877ca9f75152f27bf093af7fd44b if hide_card_holder is false