SHA-1 Request Authentication Method

To generate request with SHA-1 authentication:

1. Generate Signature,
2. Generate Request.

SHA1 Signature Generation

1. Concatenate all necessary parameters to String (also referred as a “signing string” or “signature base string”). Each API-command might have it’s own list and order of parameters to concatenate in signing string. Check it in the description of control parameter for the relevant API-command with SHA-1 authentication.NoteUse minimal monetary units for amount (i.e. cent, penny etc. For amount of 0.94 USD value in signing string will be 94, for 10.15 USD value in signing string will be 1015)For example, parameters:endpointid=1111 client_orderid=902B4FF5 amount=10.42 email=john.smith@gmail.com merchant_control=B17F59B4-A7DC-41B4-8FF9-37D986B43D20 will be concatenated to the string:1111902B4FF51042john.smith@gmail.comB17F59B4-A7DC-41B4-8FF9-37D986B43D20
2. Sign the received string using SHA-1:Java SHA-1 Generation Example:package com.Billblend; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class HashTextTest { /** * @param args * @throws NoSuchAlgorithmException */ public static void main(String[] args) throws NoSuchAlgorithmException { System.out.println(sha1(“test string to sha1”)); } static String sha1(String input) throws NoSuchAlgorithmException { MessageDigest mDigest = MessageDigest.getInstance(“SHA1”); byte[] result = mDigest.digest(input.getBytes(StandardCharsets.UTF_8)); StringBuilder sb = new StringBuilder(); for (byte b : result) { sb.append(Integer.toString((b & 0xff) + 0x100, 16).substring(1)); } return sb.toString(); } } JavaScript SHA-1 Generation Example<script src=”http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js”></script> <script type=”text/javascript”> var sha1value = CryptoJS.SHA1(“test string to sha1”); </script> Bash + openssl SHA-1 Generation Exampleecho -n “test string to sha1” | openssl dgst -sha1 After that signature will look like this:c6bdd88a78834ef4b863b088827a459f039e8257

SHA1 Request Generation

To make request use generated signature as the value of parameter control in request body.

Example of Request:

Request method: POST
Request URI: https://pay.billblend.com/checkout/api/v2/sale/1111
Body: client_orderid=902B4FF5&order_desc=Test Order Description&first_name=John&last_name=Smith&ssn=1267&birthday=19820115&address1=100 Main st&city=Seattle&state=WA&zip_code=98102&country=US&phone=+12063582043&cell_phone=+19023384543&amount=10.42&email=john.smith@gmail.com&currency=USD&ipaddress=65.153.12.232&site_url=https://doc.billblend.com/&credit_card_number=4538977399606732&card_printed_name=CARD HOLDER&expire_month=12&expire_year=2099&cvv2=123&purpose=user_account1&control=c6bdd88a78834ef4b863b088827a459f039e8257

Example of CURL Request:

curl --data "
   client_orderid=902B4FF5
   &order_desc=Test Order Description
   &first_name=John
   &last_name=Smith
   &ssn=1267
   &birthday=19820115
   &address1=100 Main st
   &city=Seattle
   &state=WA
   &zip_code=98102
   &country=US
   &phone=+12063582043
   &cell_phone=+19023384543
   &amount=10.42
   &email=john.smith@gmail.com
   &currency=USD
   &ipaddress=65.153.12.232
   &site_url=https://doc.billblend.com/
   &credit_card_number=4538977399606732
   &card_printed_name=CARD HOLDER
   &expire_month=12
   &expire_year=2099
   &cvv2=123
   &purpose=user_account1
   &control=c6bdd88a78834ef4b863b088827a459f039e8257
" https://pay.billblend.com/checkout/api/v2/sale/1111