Skip to main content
Version: Lastest

Security

1. How to generate signature for API Mobile Topup

Example of parameters passed to the API

{
  "partnerRefId": "AB123",
  "telco": "viettel",
  "telcoServiceType": "prepaid",
  "phoneNumber": "0866123456",
  "productCode": "viettel_10",
  "signature": "5a2774918a29cf4d2bdb78cccceb956f4c27837fad09a03a56e1df68b1bf29dd"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: partnerRefId + phoneNumber + productCode + telco + telcoServiceType
The string generated with the above parameters will be:

"partnerRefId=AB123&phoneNumber=0866123456&productCode=viettel_10&telco=viettel&telcoServiceType=prepaid"

signature = HMAC_SHA256("partnerRefId=AB123&phoneNumber=0866123456&productCode=viettel_10&telco=viettel&telcoServiceType=prepaid", YOUR_SECRET_KEY)

Example response of the API

{
  "errorCode": 0,
  "message": "Thành công",
  "transaction": {
    "phoneNumber": "0866123456",
    "amount": 100000,
    "topupAmount": 100000,
    "productCode": "viettel_10",
    "appotapayTransId": "01JCM8K321W0ZFHK99T8JBXR2P",
    "time": "14-11-2024 09:38:43"
  },
  "account": {
    "balance": 3402291841
  },
  "signature": "c0bd34c43314165b1474c190c71fee22bca6bd0cf8273853bb9acb510d6063bf"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: amount + appotapayTransId + topupAmount + errorCode + time + phoneNumber + productCode
The string generated with the above parameters will be:

"amount=100000&appotapayTransId=01JCM8K321W0ZFHK99T8JBXR2P&errorCode=0&phoneNumber=0866123456&productCode=viettel_10&time=14-11-2024 09:38:43&topupAmount=100000"

signature = HMAC_SHA256("amount=100000&appotapayTransId=01JCM8K321W0ZFHK99T8JBXR2P&errorCode=0&phoneNumber=0866123456&productCode=viettel_10&time=14-11-2024 09:38:43&topupAmount=100000", YOUR_SECRET_KEY)

2. How to generate signature for API Check transaction status

Example response of the API

{
  "errorCode": 0,
  "message": "Thành công",
  "transaction": {
    "phoneNumber": "0866123456",
    "amount": 100000,
    "topupAmount": 100000,
    "appotapayTransId": "01JCM8K321W0ZFHK99T8JBXR2P",
    "time": "14-11-2024 09:38:43"
  },
  "signature": "c0bd34c43314165b1474c190c71fee22bca6bd0cf8273853bb9acb510d6063bf"
}

The order of parameters to create the signature will be sorted alphabetically.
The parameters are included into signature: amount + appotapayTransId + topupAmount + errorCode + time + phoneNumber
The string generated with the above parameters will be:

"amount=100000&appotapayTransId=01JCM8K321W0ZFHK99T8JBXR2P&errorCode=0&phoneNumber=0866123456&time=14-11-2024 09:38:43&topupAmount=100000"

signature = HMAC_SHA256("amount=100000&appotapayTransId=01JCM8K321W0ZFHK99T8JBXR2P&errorCode=0&phoneNumber=0866123456&time=14-11-2024 09:38:43&topupAmount=100000", YOUR_SECRET_KEY)