Callback protection using checksum

To ensure that the information you receive at your callback URL is legitimately from Jambopay, a checksum is sent as part of the callback payload. The checksum is derived using the SHA-256 hashing algorithm from a combination of your order id, the amount to 2 decimal places and your merchant checksum key, which you can obtain from the settings page in your merchant account portal.

The checksum should be calculated and verified after you have received the callback information in your backend. The code below shows an example of how you can calculate and verify the checksum in a PHP backend after receiving the callback and before marking your order as complete.

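function calculateChecksum($orderData){
  // Load the merchant checksum key from a secret store or environment variable; do not hard-code it
  $checksumKey = "Your checksum key";
  // Format the amount to exactly 2 decimal places (e.g. 10.5 becomes "10.50"), with no thousands separator
  $amount = number_format((float)$orderData->amount, 2, '.', '');
  return hash("sha256", $orderData->orderId.$amount.$checksumKey);
}


function verifyChecksum($callbackInfo){
   // Use the order stored in your database, not the values sent in the callback
   $orderInfo = GetOrderFromDb($callbackInfo->orderId);
   // hash_equals compares the two strings in constant time
   return hash_equals(calculateChecksum($orderInfo), (string)$callbackInfo->checksum);
}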

You can download a checksum test cases file to test out your checksum calculation and verification code. Sample orderIds and amounts are provided in that file. To be sure that your code is in order it should output a checksum equal to that provided in the checksum column when given the orderId and amount on that row. Download the test cases file from the link below.

https://drive.google.com/file/d/1-W0OB2_8D54X7d86mQoBzu7KHIRXK2c1/view?usp=sharing

NOTICE: When performing the checksum tests with the test cases file provided, use 4euIRBUcLeluTCvejZwA as the checksum key.
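The following is an added example, not Jambopay's own code: a callback handler that rejects malformed payloads, unknown orders and checksums that do not match the stored order before marking it complete. It assumes the callback arrives as a JSON body with orderId, amount and checksum fields; the order store, the order id ORD-1001 and the sample callbacks are constructed, and the key is the test key from the notice above.

```php
<?php
declare(strict_types=1);

// Test key published above for the test cases file; in production load the
// real key from a secret store, never from source code.
const CHECKSUM_KEY = '4euIRBUcLeluTCvejZwA';

// Constructed stand-in for the orders table (hypothetical data).
$orders = [
    'ORD-1001' => ['orderId' => 'ORD-1001', 'amount' => 1500.5, 'status' => 'pending'],
];

function expectedChecksum(array $order, string $key): string
{
    // Exactly two decimals, no thousands separator: 1500.5 becomes "1500.50"
    $amount = number_format((float) $order['amount'], 2, '.', '');
    return hash('sha256', $order['orderId'] . $amount . $key);
}

// Returns 'completed' or a rejection reason. The expected checksum is built
// from the stored order, so the amount field in the callback is never trusted.
function handleCallback(string $rawBody, array &$orders, string $key): string
{
    $cb = json_decode($rawBody, true);
    if (!is_array($cb) || !is_string($cb['orderId'] ?? null) || !is_string($cb['checksum'] ?? null)) {
        return 'rejected: malformed payload';
    }
    if (!isset($orders[$cb['orderId']])) {
        return 'rejected: unknown order';
    }
    $order = &$orders[$cb['orderId']];
    if (!hash_equals(expectedChecksum($order, $key), $cb['checksum'])) {
        return 'rejected: checksum mismatch';
    }
    $order['status'] = 'complete';
    return 'completed';
}

// Constructed callbacks as [amount, checksum]: a checksum that covers 1.00
// instead of the stored 1500.50, a value that is not a hash, and a matching one.
$cases = [
    [1.00, hash('sha256', 'ORD-1001' . '1.00' . CHECKSUM_KEY)],
    [1500.50, 'not-a-hash'],
    [1500.50, hash('sha256', 'ORD-1001' . '1500.50' . CHECKSUM_KEY)],
];
foreach ($cases as [$amount, $sum]) {
    $body = json_encode(['orderId' => 'ORD-1001', 'amount' => $amount, 'checksum' => $sum]);
    echo handleCallback($body, $orders, CHECKSUM_KEY), PHP_EOL;
}
```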
