Skip to main content
Version: Lastest

Security

1. How to generate signature for API Transfer money

Example of parameters passed to the API

{
  "bankCode": "TPBANK",
  "accountNo": "132100132400000",
  "accountType": "account",
  "accountName": "NGUYEN VAN A",
  "amount": 50000,
  "feeType": "payer",
  "partnerRefId": "Partner9999",
  "message": "ck tien",
  "customerPhoneNumber": "0374720460",
  "contractNumber": "1234567",
  "channel": "citad",
  "bankId": "11223344",
  "signature": "b5bb9a6e9c71281fb1e9js"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: accountName + accountNo + accountType + amount + bankCode + bankId + channel + contractNumber + customerPhoneNumber + feeType + message + partnerRefId
The string generated with the above parameters will be:

"accountName=NGUYEN VAN A&accountNo=132100132400000&accountType=account&amount=50000&bankCode=TPBANK&bankId=11223344&channel=citad&contractNumber=1234567&customerPhoneNumber=0374720460&feeType=payer&message=ck tien&partnerRefId=Partner9999"

signature = HMAC_SHA256("accountName=AP APPOTAPAY&accountNo=9704000000000018&accountType=card&amount=10000&bankCode=APPOTA_TEST&bankId=11223344&channel=citad&contractNumber=1234567&customerPhoneNumber=0374720460&feeType=payer&message=Test transfer payment&partnerRefId=mBC5n7jU3", YOUR_SECRET_KEY)

Example response of the API

{
  "errorCode": 0,
  "message": "Thành công",
  "transaction": {
    "amount": 50000,
    "transferAmount": 50000,
    "appotapayTransId": "AP19992831832",
    "time": "27-10-2021 10:03:59"
  },
  "account": {
    "balance": 2000000
  },
  "signature": "b5bb9a6e9c71281fb1e06d"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: (amount + appotapayTransId + errorCode + time + transferAmount)
The string generated with the above parameters will be:

"amount=50000&appotapayTransId=AP19992831832&errorCode=0&time=27-10-2021 10:03:59&transferAmount=50000"

signature = HMAC_SHA256("amount=50000&appotapayTransId=AP19992831832&errorCode=0&time=27-10-2021 10:03:59&transferAmount=50000", YOUR_SECRET_KEY)

2. How to generate signature for API Check status transaction

Example response of the API

{
  "errorCode": 0,
  "message": "Thành công",
  "transaction": {
    "phoneNumber":"0987777888",
    "amount":50000,
    "transferAmount":50000,
    "appotapayTransId":"01EQTH129581",
    "accountNo":"9704000000000018",
    "accountName":"AP APPOTAPAY",
    "time": 1608778440
  },
  "signature": "b5bb9a6e9c71281fb1e06d"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: (amount + appotapayTransId + errorCode + time + transferAmount)
The string generated with the above parameters will be:

"amount=50000&appotapayTransId=01EQTH129581&errorCode=0&time=1608778440&transferAmount=50000"

signature = HMAC_SHA256("accountNo=132100132400000&accountType=account&bankCode=TPBANK&partnerRefId=P199212928", YOUR_SECRET_KEY)

3. How to generate signature to check Process transaction pending

Example of parameters passed

{
  "errorCode": 0,
  "message": "Thành công",
  "transaction": {
    "amount": 50000,
    "transferAmount": 50000,
    "transferStatus": "success",
    "appotapayTransId": "AP19992831832",
    "partnerRefId": "615fb520099dq4",
    "time": "27-10-2021 10:03:59"
  },
  "signature": "681b80d9dff4bc8d17c8b07ee3ef0fb8e3f1a12148184507c7d80a0bee6efe6d"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: (amount + appotapayTransId + errorCode + partnerRefId + time + transferAmount + transferStatus)
The string generated with the above parameters will be:

"amount=50000&appotapayTransId=AP19992831832&errorCode=0&partnerRefId=615fb520099dq4&time=27-10-2021 10:03:59&transferAmount=50000&transferStatus=success"

signature = HMAC_SHA256("amount=50000&appotapayTransId=AP19992831832&errorCode=0&partnerRefId=615fb520099dq4&time=27-10-2021 10:03:59&transferAmount=50000&transferStatus=success", YOUR_SECRET_KEY)

4. How to generate signature for API Check account info

Example of parameters passed to the API

{
  "bankCode": "TPBANK",
  "accountNo": "132100132400000",
  "accountType": "account",
  "partnerRefId":"P199212928",
  "signature": "b5bb9a6e9c71281fb1e06d"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: (bankCode + accountNo + accountType + partnerRefId)
The string generated with the above parameters will be:

accountNo=132100132400000&accountType=account&bankCode=TPBANK&partnerRefId=P199212928

signature = HMAC_SHA256("accountNo=132100132400000&accountType=account&bankCode=TPBANK&partnerRefId=P199212928", YOUR_SECRET_KEY)

Example response of the API

{
  "errorCode": 0,
  "message": "Thành công",
  "accountInfo": {
    "accountNo":13210013240000,
    "accountName":"NGUYEN VAN A",
    "bankCode":"TPBANK",
    "accountType":"account"
  },
  "signature": "b5bb9a6e9c71281fb1e06d"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: (accountName + accountNo + errorCode)
The string generated with the above parameters will be:

"accountName=NGUYEN VAN A&accountNo=13210013240000&errorCode=0"

signature = HMAC_SHA256("accountName=NGUYEN VAN A&accountNo=13210013240000&errorCode=0", YOUR_SECRET_KEY)