Access to SolidGate API

Authorization is required for transmitting requests to SolidGate. It can be performed by signing each client's request to API. The control signature of the payment notification details allows the merchant system to verify both the source and the integrity of the payment notification details transmitted between merchant and gateway.

Merchant ID and its secret key shall be applied in order to calculate the signature.

Headers of each request are to be placed in the following additional fields

ParameterDescriptionExample
MerchantUnique merchant identification. Shall be shared at the moment of registration.Test_Merchant
SignatureSignature of request. It allows verifying whether the request from the merchant is genuine on the payment gateway server.MjNiYjVj…ZhYmMxMzNiZDY=

Signature Creation

Value of a signature is base64-coding of hash function SHA-512.

As for encryption key, merchant's secret key shall be applied. As for signature data, the following string shall be used:

merchantId + requestJsonData + merchantId

  • merchantID - unique merchant identification;
  • requestJsonData - request body (JSON string).

Example of signature creation in PHP

/**
 * @param string $data
 *
 * @return string
 */

private function generateSignature($data)
{
    return base64_encode(
        hash_hmac('sha512',
            $this->getMerchantId() . $data . $this->getMerchantId(),
            $this->getPrivateKey())
    );
}
  • data - request body (JSON string)
  • merchantId - unique merchant identification
  • privateKey - secret code for request signature. It's provided at the moment of merchant registration.

If signature creation is not correct, in response you will see as follows:

Response Authentication | Fail

{
  "error": {
    "code": "1.01",
    "messages": [
      "Authentication failed"
    ]
  }
}