About Hash

Payment Details Hash

The hash of the payment notification details allows the merchant system to verify both the source and the integrity of the payment notification details it receives at the Result URL in the Payment Notification.
In order to generate the hash, the WebMoney.eu Merchant service concatenates the following fields in the Payment Notification Form in the following order:

1. Merchant Number (PM_PAYMERCH_ID);
2. Payment amount (PM_PAYMENT_AMOUNT);
3. Type of payment amount (PM_PAYMENT_ATYPE);
4. Merchant Reference Number (PM_PAYMENT_NO);
5. Test/Live Mode Flag (PM_PAYTEST_MODE);
6. Transaction ID (PM_PAYSYS_TRANS_NO);
7. Transaction Date and Time (PM_PAYSYS_TRANS_DATE);
8. Secret Key (PM_PAYSECRET_KEY);

The hash algorithm used to generate the hash is SHA256. In the case of SHA256, the calculated hash will be encoded as base64 string sent in the PM_PAYHASH field, as in the commonly used Secure Hash Algorithm 256 (SHA256) algorithm.

Verification of hash value

Hash value can be verified either manually on the special page of this website or automatically on the merchant’s website according to the following algorithm:

• SHA256
  1. Create a string by concatenating the values of the fields received via the Payment Notification Form in the same order as used to create hash in the WebMoney.eu Merchant service.
  
  The value of the Secret Key in the above concatenation must be used.
  2. Calculate the hash of this string.
  3. Compare the calculated hash with the hash sent by the WebMoney.eu Merchant system in
  the PM_PAYHASH field on the Payment Notification Form .
  If the hash sent via the Payment Notification Form is identical to the hash calculated by the merchant system, the merchant can safely conclude that the values of the fields on the Payment Notification Form were not modified and payment notification details were indeed sent by the Paymer Merchant system.