PaymentIntent
The PaymentIntent object contains payment data. To ensure that this payment data is not tampered with (e.g. a customer amends the amount to be smaller), the PaymentIntent
requires a HMAC verification
field to be conducted in your backend using your Pay Now secret.
PaymentIntent
is used in the following methods.
Attribute | Type | Description |
---|---|---|
| number | Amount in subunit (non-decimal) |
| string | |
| string | Reference or invoice number for the payment transaction/ |
| string | Hash of amount, reference, currency. See Verification Value Hash Calculation below for more details on how to calculate this value. |
{
payment: {
amount: 10025,
currency: "AUD",
reference: "INV1121"
},
verification: "xxxxxx"
}
Verification Value Hash Calculation
The Verification Value Hash should only ever be calculated on your backend server, and never in client-side code.
This is because your Pay Now token is a secret value that only you should know. Calculating the Verification Value Hash on the client-side (e.g. in client-side Javascript) would make your Pay Now token secret visible to public via browser developer tools.
Below is pseudo code demonstrating how the verification hash is calculated using a PayNow token. The Pay Now token can be obtained from the Fat Zebra Merchant Dashboard.
Please make sure that reference (invoice #), amount (subunit) and currency are in the correct order as shown:
shared_secret = "abc123ff12" # Also known as your Pay Now token
invoice_no = "INV1121" # Also known as reference
amount = "10025"
currency = "AUD"
data = [invoice_no, amount, currency].join(":") # Results in "INV1121:10025:AUD"
verification = hmac_md5(shared_secret, data)
Updated over 1 year ago