What is MD5
Security is an important subject at ePay. ePay therefore provides an MD5 solution for data transmitted from the internet shop to ePay and back again. This MD5 solution makes sure that the right data is transmitted and that the customer has not changed the data.
To use the MD5 solution you must create a secret key in ePay, which only you and ePay know. This key is used to stamp the important information transmitted between your internet shop and ePay.
Inbound MD5 stamping (data transmitted from the internet shop to ePay)
Here a sample MD5 stamp called MD5Key is created from currency, amount, orderid and the secret key. If currency is "208", amount is "20000", orderid is "Order1" and the key is "ABC", the string is formatted as currency + amount + orderid + secret key. This will look like "20820000Order1ABC". This string is the one which is MD5 stamped and the result will look like: 18aa5a1a173e5e5e6245a620b814f176. ePay performs the same operation on the data received and creates an MD5 stamp, which will match. If the stamp does not match, ePay will decline the data with an error code.
Outbound MD5 stamping (data transmitted from ePay to the internet shop)
Here the amount, orderid, transactionid and the secret key are used for the stamp, which is sent to the internet shop as a GET parameter called "eKey". If the amount is "20000", orderid is "Order1", transactionid is "8877" and the key is "ABC", ePay will combine these elements so they look like "200000Order18877ABC". ePay will make a stamp on this combined data, which will look like 7fc90e52bbd23fc11d8d90dbdd94514d. On the accept URL in your internet shop you must do the same operation on the data received; if the stamp does not match, it means that the customer has manipulated the data.
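The inbound and outbound stamping described above, as an added Python example (not ePay's own sample code) that recomputes the stamp on the accept URL and rejects altered data. Only "eKey" is named as a GET parameter in the text; the other parameter names (amount, orderid, transactionid), the UTF-8 encoding and the `stored_orders` lookup are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

SECRET_KEY = "ABC"  # sample key from the text; a real key comes from the ePay admin


def md5_stamp(*parts):
    """MD5 hex digest of the parts joined with no separator, as described above."""
    # Assumption: the joined string is hashed as UTF-8 bytes.
    return hashlib.md5("".join(parts).encode("utf-8")).hexdigest()


def inbound_stamp(currency, amount, orderid, key=SECRET_KEY):
    return md5_stamp(currency, amount, orderid, key)


def outbound_stamp(amount, orderid, transactionid, key=SECRET_KEY):
    return md5_stamp(amount, orderid, transactionid, key)


def verify_accept(query_string, stored_orders, key=SECRET_KEY):
    """Check the accept-URL query string; returns (ok, reason)."""
    params = parse_qs(query_string, keep_blank_values=True)
    got = {}
    for name in ("amount", "orderid", "transactionid", "eKey"):
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            return False, "missing or repeated parameter: " + name
        got[name] = values[0]
    expected = outbound_stamp(got["amount"], got["orderid"], got["transactionid"], key)
    # Constant-time comparison of the recomputed stamp with the received eKey.
    if not hmac.compare_digest(expected.encode(), got["eKey"].lower().encode()):
        return False, "eKey mismatch"
    # The stamp covers a plain concatenation, so also compare the values
    # with the shop's own record of the order (stored_orders is hypothetical).
    if stored_orders.get(got["orderid"]) != got["amount"]:
        return False, "amount differs from stored order"
    return True, "ok"


if __name__ == "__main__":
    orders = {"Order1": "20000"}  # constructed order record
    good = urlencode({"amount": "20000", "orderid": "Order1", "transactionid": "8877",
                      "eKey": outbound_stamp("20000", "Order1", "8877")})
    print(inbound_stamp("208", "20000", "Order1"))
    print(verify_accept(good, orders))
    print(verify_accept(good.replace("amount=20000", "amount=100"), orders))
```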
How to integrate MD5
Below are 3 code examples that you can download.
The 3 code examples are in PHP, C# and ASP.
To set up MD5, a key must be entered in the payment system. To do so you must log in to the payment system admin and go to "Settings" -> "Payment system" -> "Go to settings for the 'Payment system'".
Here you have 3 options for the MD5 security check:

| Option | Effect |
| --- | --- |
| 1: Don't want to use MD5 | Disable the MD5 security feature |
| 2: On accepturl only | Only your accepturl will be using the MD5 security check |
| 3: On accepturl and by authorization | Your accepturl and the authorization will be using the MD5 security check |

If using option 2 or 3 you must enter an MD5 security key in the "key" field.
Example of inbound and outbound MD5