Signature Authentication

To ensure the security of requests, the signature must be included in the body request. The signature is generated using the HMAC-SHA256 algorithm, which combines your merchant ID, external ID, and merchant key.

Signature Generation

To generate the signature, use the following formula:

signature = HMAC-SHA256(merchant_id + external_id, merchant_key)

merchant_id: Your unique identifier provided by Zipay.
external_id: The unique ID for each transaction, generated on your side.
merchant_key: Your private key provided by Zipay, used for encrypting the signature.

Example

If your merchant_id is 123456, your external_id is EXTID123, and your merchant_key is 4a578df2-518b-40f7-9c85-0353f2a4caef, you can generate the signature as follows:

signature = HMAC-SHA256("123456EXTID123", "4a578df2-518b-40f7-9c85-0353f2a4caef")

The resulting signature should then be added to the request body as follows:

"signature": "204872eeea063c84e4306bf297e9d78c7f4fd4bd8ea64e55439aaa2310f98b1f"

Request Example With Signature

URL: https://api.zipay.co.id/payment/qr/create
Method: POST
Headers:
- Content-Type: application/json or x-www-form-urlencoded
- Authorization: Bearer <YOUR_BEARER_TOKEN>

{
  "amount": 10000,
  "externalId": "EXTID123",
  "merchantId": "123456",
  "signature": "204872eeea063c84e4306bf297e9d78c7f4fd4bd8ea64e55439aaa2310f98b1f"
}

Introduction Response Codes