时间戳

首页 > 解决方案 > 使用 PHP curl 对直接发布 API 进行发布调用时出现 Securepay Invalid Fingerprint 错误

php - 使用 PHP curl 对直接发布 API 进行发布调用时出现 Securepay Invalid Fingerprint 错误

问题描述

我使用https://www.securepay.com.au/wp-content/uploads/2017/06/Direct_Post_Integration_Guide.pdf提供的 Securepay 的直接发布 api 文档创建了一个示例脚本

这是脚本代码:

$test_url = "https://test.api.securepay.com.au/directpost/authorise";
$EPS_MERCHANTID = "ABC0001"; //manual id
$Transaction_Password = "abc123"; // manual password
$EPS_TXNTYPE = 0; //sending default
$EPS_REFERENCEID = "1234"; //manual order id
$EPS_AMOUNT = "20.77";
$EPS_TIMESTAMP = gmdate('Ymdhis');
$hash_string = "$EPS_MERCHANTID|$Transaction_Password|$EPS_TXNTYPE|$EPS_REFERENCEID|$EPS_AMOUNT|$EPS_TIMESTAMP";
$sha_256_string = hash('SHA256',$hash_string);

//card details
$EPS_CARDNUMBER = "4444333322221111";
$EPS_EXPIRYMONTH = "01";
$EPS_EXPIRYYEAR = "2020";
$EPS_CCV = 123;
$EPS_CURRENCY = "AUD";

$post_data = "EPS_MERCHANT=".$EPS_MERCHANTID
."&EPS_TXNTYPE=".$EPS_TXNTYPE
."&EPS_AMOUNT=".$EPS_AMOUNT
."&EPS_REFERENCEID=".$EPS_REFERENCEID
."&EPS_TIMESTAMP=".$EPS_TIMESTAMP
."&EPS_CARDNUMBER=".$EPS_CARDNUMBER
."&EPS_EXPIRYMONTH=".$EPS_EXPIRYMONTH
."&EPS_EXPIRYYEAR=".$EPS_EXPIRYYEAR
."&EPS_CCV=".$EPS_CCV
."&EPS_RESULTURL="."https://mydomain.com.au/pay.php" //custom url form - mydomain.com.au is replaced with personal domain
."&EPS_CURRENCY=".$EPS_CURRENCY
."&EPS_FINGERPRINT=".$sha_256_string;

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $test_url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
$ch_result = curl_exec($ch);
print_r($ch_result);

此脚本输出错误“无效指纹”。

任何解决此问题的帮助将不胜感激。

标签: phpcurlsecurepay

解决方案

现在,在安全的薪酬支持和一些研究的帮助下,这个问题得到了解决。

上面的代码有两个错误:

  1. 指纹应使用 HMAC 加密,交易密码应用作机密。

    $sha_256_string = hash_hmac('SHA256',$hash_string,$Transaction_Password);

  2. GMT 时间戳应使用 24 小时格式

    $EPS_TIMESTAMP = gmdate('YmdGis', time());

推荐阅读