View Source

Request validation

Each request is escorted with a query param "key" with a value of a sha1 cached query string and a salt key. Salt key should be generated on your side and provided at the start of integration. Valid characters are A-z, 0-9. Hashing should be done without any sorting of parameters.

The query param "key" value must match sha1([SALT KEY]+[QUERY STRING])

QUERY STRING does not need to be sorted before hashing.

$requestdata = array(
            'callerId' => "danitestdev_s",
            'callerPassword' => "hidden",
            'key' => "123456789",
			....
			whole query array
        );

$salt = 'yoursalt';
$key = $requestdata['key']; 

unset($requestdata['key']); //unset key from query array

$hash = sha1($salt . http_build_query($requestdata)); //http_build_query is to create query string

if($key != $hash){ //compare key from request with your generated key
  $response = json_encode([
      'status' => '403',
      'msg' => 'INCORRECT_KEY_VALIDATION'
  ]);
  return $response; //IF KEY IS NOT THE SAME RETURN ERROR
}

// IF KEYS ARE THE SAME CONTINUE