Signature
To ensure communication between two parties is not altered or tampered with, and to prove the authenticity of the request, both parties must apply a digital signature to every request. The signature is generated from the unencrypted payload and is sent in the Signature header in base64 format. On the receiving side, the partner must decrypt the payload first and then verify the signature that was sent.
Partner must save the signature and the decrypted payload sent with every Payment Request, in case they are needed for data synchronization or to resolve data discrepancies.
Examples
Please refer to this: https://github.com/tokopedia/cryptography-example
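
An added sketch of the flow described above (not taken from the linked repository or from Tokopedia's code): the sender signs the unencrypted payload, and the receiver decrypts before verifying. The algorithms (RSA-PSS with SHA-256, AES-256-GCM with a pre-shared key), the body layout, and the names buildRequest and receiveRequest are assumptions, since this page does not specify them.

```javascript
const crypto = require('node:crypto');

// Assumed algorithms (the page names none): RSA-PSS/SHA-256 for the signature,
// AES-256-GCM with a pre-shared key for payload encryption.
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };

// Sender: sign the UNENCRYPTED payload, then encrypt it.
function buildRequest(plaintext, senderPrivateKey, aesKey) {
  const signature = crypto.sign('sha256', Buffer.from(plaintext), { key: senderPrivateKey, ...PSS });
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    headers: { Signature: signature.toString('base64') },
    // Assumed body layout: iv (12 bytes) | auth tag (16 bytes) | ciphertext
    body: Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64'),
  };
}

// Receiver: decrypt first, then verify the signature over the plaintext.
function receiveRequest(req, senderPublicKey, aesKey) {
  const raw = Buffer.from(req.body, 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  let plaintext;
  try {
    plaintext = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  } catch {
    return { ok: false, reason: 'decrypt' };
  }
  const sig = Buffer.from(req.headers.Signature || '', 'base64');
  const ok = crypto.verify('sha256', plaintext, { key: senderPublicKey, ...PSS }, sig);
  if (!ok) return { ok: false, reason: 'signature' };
  // Keep both values for later synchronization and discrepancy handling.
  return { ok: true, record: { signature: req.headers.Signature, payload: plaintext.toString('utf8') } };
}

// Constructed sample data, not a real Payment Request.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const aesKey = crypto.randomBytes(32);
const samplePayload = '{"payment_id":"demo-123","amount":10000}';
const sample = buildRequest(samplePayload, privateKey, aesKey);
```

Verifying the Signature header against the still-encrypted body fails, which is why the decrypt step must come first.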