2. KnowSystem
  3. Authorisation Header

Authorisation Header


Authorisation Header

When interfacing with the Gateway endpoints, merchants can include the AuthenticationKey and AuthenticationToken in the headers for both transaction status queries and transaction submissions.

Headers


AuthenticationKey

The key consists of the username. The key and username must be in lowercase

The Username must be encoded to base64 i.e bWVyY2hhbnRwcm9maWxlPTYxNjk1NA

AuthenticationToken

The token consists of:

AuthenticationSecret

This is the secret key generated by the merchant within Backoffice, which the merchant has to store on the merchant’s system.Once the secret is generated, it remains readable in plain text for a couple of minutes, after which it is hashed.  Merchant must copy the secret immediately after the secret is generated.

 If the merchant loses their secret, a new one will have to be generated

Resource

·        Query Transaction Status & Submission of Transactions endpoint

o    REST endpoints can be referenced 

Data

  • Payload that gets posted to the PosPort URL
    • Applies to the POST method

QueryString

Query string to retrieve transactions

o   /api/transactions?applicationid={applicationid}

o   /api/transactions/{requestid}

·        only to the GET Method

Timestamp

Calculated as follows:

Timestamp

 

private static Int32 UnixTimeStampUTC()

{

    Int32 unixTimeStamp;

    DateTime currentTime = DateTime.Now;

    DateTime zuluTime = currentTime.ToUniversalTime();

    DateTime unixEpoch = new DateTime(1970, 1, 1);

    unixTimeStamp = (Int32)(zuluTime.Subtract(unixEpoch)).TotalSeconds;

    return unixTimeStamp;

}

Calculating the Token


/// <summary>

///

/// </summary>

/// <param name="sharedSecret"></param>

/// <param name="resource"></param>

/// <param name="queryString"></param>

/// <param name="data"></param>

/// <param name="time"></param>

/// <returns></returns>

public static string GenerateAuthenticationToken(string sharedSecret, string resource, string queryString, string data, string time)

{

    byte[] sourceBytes = Encoding.UTF8.GetBytes(time)

        .Concat(Encoding.UTF8.GetBytes(resource))

        .Concat(Encoding.UTF8.GetBytes(queryString))

        .Concat(Encoding.UTF8.GetBytes(data))

        .ToArray();

    return GetHmacSha256(Encoding.ASCII.GetBytes(sharedSecret), sourceBytes);

}

 

/// <summary>

///

/// </summary>

/// <param name="sharedSecret"></param>

/// <param name="source"></param>

/// <returns></returns>

public static string GetHmacSha256(byte[] sharedSecret, byte[] source)

{

    HMACSHA256 hashString = new HMACSHA256(sharedSecret);

    var hashbytes = hashString.ComputeHash(source);

    StringBuilder digestBuilder = new StringBuilder();

    foreach (byte b in hashbytes)

    {

        digestBuilder.Append(b.ToString("x2"));

    }

    return digestBuilder.ToString();