You are here:

SHA

SHA-IN

This string is constructed by concatenating the values of the fields sent with the order (sorted alphabetically, in the format ‘parameter=value’), followed by a passphrase. The passphrase is defined in the merchant’s Technical information page, under the tab “Data and Origin”, section “Checks for e-Commerce & Alias Gateway.” Please note that these values are all case sensitive when compiled to form the string before the hash!

IMPORTANT

  • All parameters that you send in will be included in the string to be hashed.
  • All parameter names should be in CAPITALS (to avoid any case confusion).
  • All parameters need to be arranged alphabetically.
  • Note that some sorting algorithms place special characters in front of the first  letter of the alphabet, while others place them at the end. If in doubt, please respect the order as displayed in the SHA list.
  • Parameters that do not have a value should NOT be included in the string to hash.
  • When you choose to transfer your test account to production via  the  link in the account menu, a random SHA-IN passphrase will be automatically configured in your production account.
  • For extra  safety, we request that you use different SHA passphrases  in test and production. Please note that if they are found to be identical, your TEST passphrase will be changed by our system (you will of course be notified).

All the parameters which can be used to send the customer to the Ingenico payment page can be found at: https://secure.ogone.com/ncol/param_cookbook.asp

Example of a basic SHA-IN calculation

Parameters:
AMOUNT: 15.00 -> 1500
CURRENCY: EUR
LANGUAGE: en_US
ORDERID: 1234
PSPID: MyPSPID

SHA Passphrase:
Mysecretsig1875!?

String to hash:
AMOUNT=1500Mysecretsig1875!?CURRENCY=EURMysecretsig1875!?
LANGUAGE=en_USMysecretsig1875!?ORDERID=1234Mysecretsig1875!?
PSPID=MyPSPIDMysecretsig1875!?

Resulting Digest (SHA-512 and UTF-8):
D1CFE8833A297D0922E908B2B44934B09EE966EF1584DC0D696304E07BB58BA71973C2383C831D878D8A243BB7D7DFFFBE53CEE21955CDFEF44FE82E551F859D

SHA test Page:
secure.ogone.com/ncol/test/testsha_utf8.asp

SHA-OUT

This string is constructed by concatenating the values of the fields sent in the postsale (the parameters selected on the Feedback tab section Dynamic e-Commerce parameters), The passphrase is defined in the merchant’s Technical information page, under the tab “Feedback”, section “SHA-OUT pass phrase” Please note that these values are all case sensitive when compiled to form the string before the hash!

Important:

  • All parameters that you send, will be included in the string to hash.
  • All parameter names should be in UPPERCASE (to avoid any case confusion).
  • All parameters need to be put alphabetically.
  • Parameters that do not have a value should NOT be included in the string to hash.
  • For extra safety, we request that you to use different SHA passwords for TEST and PROD. Please note that if they are found to be identical, your TEST password will be changed by the Ingenico system (you will of course be notified).

All the parameters which can be used,  can be found at: https://secure.ogone.com/ncol/param_cookbook.asp

Example of a basic SHA-OUT calculation

Parameters:
ACCEPTANCE: 1234
AMOUNT: 15.00
BRAND: VISACARDNO: xxxxxxxxxxxx1111
CURRENCY: EUR
NCERROR: 0
ORDERID: 12
PAYID: 32100123
PM: CreditCard
STATUS: 9

SHA Passphrase:
Mysecretsig1875!?

String to hash:
ACCEPTANCE=1234Mysecretsig1875!?
AMOUNT=15.00Mysecretsig1875!?
BRAND=VISAMysecretsig1875!?
CARDNO=xxxxxxxxxxxx1111Mysecretsig1875!?
CURRENCY=EURMysecretsig1875!?
NCERROR=0Mysecretsig1875!?
ORDERID=12Mysecretsig1875!?
PAYID=32100123Mysecretsig1875!?
PM=CreditCardMysecretsig1875!?
STATUS=9Mysecretsig1875!?

Resulting Digest (SHA-512):
E1B1FA6FBD65A111E8FDFE5A3C63D6F5CD9DD2D01B39D14D31D50233FF63244409C35C3C7982D43FB15D53566A0AEB96FBA01D744D92FB5C82E8DAC5EE23A826