Every request to and response from Worldnet includes an MD5 HASH parameter.
This is a security feature to ensure that none of the sensitive data in the request has been modified by a “man-in-the-middle” attack. This is achieved by including all the sensitive fields in a string (these vary per request type) along with the shared secret (configured per terminal). This string is then used as the basis of an MD5 HASH.
In this document, when an MD5 input string is listed such as:
you should not include the “+” symbols in the calculation.
For the example in the first section below if the shared secret was “x4n35c32RT” then the MD5 HASH would be calculated as:
and would equal to:
Note that the MD5 function should always use a character encoding of UTF-8 where appropriate, as should all data sent to us.