3.1. Hash Parameter

Knowledge Base

Get help for payment solutions. Search our articles or browse by category below.

3.1 HASH Parameters

Every request to and response from Worldnet includes an MD5 HASH parameter. This is a security feature to ensure that none of the sensitive data in the request has been modified by a “man-in-the-middle” attack. This is achieved by including all the sensitive fields in a string (these vary per request type) along with the shared secret (configured per terminal). This string is then used as the basis of an MD5 HASH.

In this document, when an MD5 input string is listed such as:

TERMINALID+ORDERID+AMOUNT+DATETIME+secret

you should not include the “+” symbols in the calculation.

For the example in the first section below if the shared secret was “x4n35c32RT” then the MD5 HASH would be calculated as:

md5(“6491002328110.0015-3-2006:10:43:01:673x4n35c32RT”)

and would equal to:

dd77fde79d1039d6b39e20d748211530


Note that the MD5 function should always use a character encoding of UTF-8 where appropriate, as should all data sent to us.

Copyright © 2017 Worldnet Knowledge Base | Powered by DokuWiki
developer/integrator_guide/3._integration_notes/3.1._hash_parameter.txt · Last modified: 2016/07/26 10:55 (external edit)