How are the Security configuration settings in Payment Pages used?

Created by Richard Moore, Modified on Wed, 12 Apr 2023 at 12:02 PM by Richard Moore

Here's a breakdown:

























Setting Name Affected Parameter(s) Explanation
HMAC Calculation

x_fp_hash


x_MD5_Hash


x_SHA1_Hash



This setting determines the encryption algorithm used to generate hash values. 


Setting it to MD5 means that:



  • merchant must calculate x_fp_hash using HMAC-MD5

  • E-xact will sign the transaction results using MD5 and return it as x_MD5_Hash


Setting it to SHA1 means that:



  • merchant must calculate x_fp_hash using HMAC-SHA1

  • E-xact will sign the transaction results using SHA1 and return it as x_SHA1_Hash



Transaction Key


x_fp_hash

The Transaction Key is used by the merchant to generate x_fp_hash, which needs to be included as part of the payment request form. 


The x_fp_hash value allows E-xact to validate that the payment request was generated by the merchant's server, and that key parts of the payment request such as amount and timestamp have not been modified by a third party.


Response Key

x_MD5_Hash


x_SHA1_Hash



When E-xact sends transaction results to the merchant, we'll sign it with a cryptographic hash and return the hashed value as either x_MD5_Hash or x_SHA1_Hash depending on the "HMAC Calculation" setting.  The merchant can use this value to verify that the message is coming from E-xact.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article