PaymentIntent

The PaymentIntent object contains payment data. To ensure that this payment data is not tampered with (e.g. a customer amends the amount to be smaller), the PaymentIntent requires a HMAC verification field to be conducted in your backend using your Pay Now secret.

PaymentIntent is used in the following methods.

Attribute

Type

Description

payment.amount

number

Amount in subunit (non-decimal)

payment.currency

string

ISO-4217 country codes

payment.reference

string

Reference or invoice number for the payment transaction/

verification

string

Hash of amount, reference, currency. See Verification Value Hash Calculation below for more details on how to calculate this value.

{
  payment: {
    amount: 10025,
    currency: "AUD",
    reference: "INV1121"
  },
  verification: "xxxxxx"
}

Verification Value Hash Calculation

❗️

The Verification Value Hash should only ever be calculated on your backend server, and never in client-side code.

This is because your Pay Now token is a secret value that only you should know. Calculating the Verification Value Hash on the client-side (e.g. in client-side Javascript) would make your Pay Now token secret visible to public via browser developer tools.

Below is pseudo code demonstrating how the verification hash is calculated using a PayNow token. The Pay Now token can be obtained from the Fat Zebra Merchant Dashboard.

Please make sure that reference (invoice #), amount (subunit) and currency are in the correct order as shown:

shared_secret = "abc123ff12" # Also known as your Pay Now token

invoice_no = "INV1121" # Also known as reference
amount = "10025"
currency = "AUD"

data = [invoice_no, amount, currency].join(":") # Results in "INV1121:10025:AUD"

verification = hmac_md5(shared_secret, data)