Payment Pages - Security

Created by Richard Moore, Modified on Fri, 15 Mar 2024 at 04:08 PM by Anna Byazina

In this section, the encryption keys for Hosted Checkout are generated. Note that if the Payment Page is currently in use in either Demo or Production modes, generating new keys will break the existing page links. 


Do not regenerate the merchant key unless absolutely certain. 


HMAC Calculation

Two types of encryption are offered: MD5 and SHA-1. Most Hosted Checkout instances will use MD5 as the SHA-1 option is only advised for specifically requested custom solutions.  


Transaction Key

This key is one of the values used to calculate the value, "x_fp_hash". This x_fp_hash validates that the merchant’s server generated the redirect parameters correctly and serves as verification to Hosted Checkout that the form was generated by the merchant's server, and not by the customer or a third party. 


1. Press the "Generate New Transaction Key" button to produce a new value. 


Response Key

This value is specific to the Relay Response method and is one of the values used to calculate the value, "x_MD5_hash". This "x_MD5_hash" is how the Hosted Checkout system cryptographically signs transaction results returned to the merchant's server. Merchants can calculate and use the x_MD5_hash to verify that these results are being returned from Hosted Checkout and not an unknown third party. 


1. Press the "Generate New Response Key" button to produce a new value. 


Hit "Next" to proceed to the next step, "Previous" to return to the preceding screen, "Save Changes" to return at a later time or "Cancel" if editing an existing page.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article