After the redirect, the authenticity should be verified using the signature in the response. The signature parameter in the return_url gives the HMAC signature computed using the algorithm specified by the signature_algorithm parameter. The HMAC is calculated using the following algorithm:
return_url are converted into key/value pairs.
signature_algorithm is used in the following steps.
signature in response (the signature should be percent-decoded once before comparing with the generated hash).
To enable signature generation at JusPay's end for the payment response, you must first create a response key here: https://merchant.juspay.in/settings/api-keys. Once you have created a key successfully, navigate to the General settings section and select “Yes” for the option “Use signed response”.
Once you have completed the above two steps, every redirect from JusPay to your website will carry the signature and the algorithm.
The signature algorithm used by JusPay is HMAC-SHA256. The algorithm is explicitly passed as an argument so that verification is accurate. Newer or more secure algorithms might be introduced in the future.
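The following sketch shows the verification side of the check described above. It is an added example, not JusPay's own code. The canonical message format, the base64 encoding of the HMAC output, the helper names, and the sample key, URL and parameter names are assumptions made for illustration, since the intermediate steps of the algorithm are not given here; substitute the documented steps where marked.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote, urlsplit

# The algorithm name arrives in the URL, so map it through a fixed allow-list.
ALLOWED_ALGORITHMS = {"HMAC-SHA256": hashlib.sha256}

def canonical_message(params):
    # ASSUMPTION: placeholder canonical form (sorted key=value pairs joined by "&").
    return "&".join(f"{k}={params[k]}" for k in sorted(params)).encode()

def compute_signature(params, key, digest=hashlib.sha256):
    mac = hmac.new(key, canonical_message(params), digest).digest()
    return base64.b64encode(mac).decode()  # ASSUMPTION: base64 text encoding

def verify_return_url(return_url, key):
    params = {}
    for item in filter(None, urlsplit(return_url).query.split("&")):
        name, _, value = item.partition("=")
        name = unquote(name)
        if name in params:
            return False  # a duplicated parameter is ambiguous: reject
        params[name] = unquote(value)  # percent-decoded exactly once
    signature = params.pop("signature", None)
    digest = ALLOWED_ALGORITHMS.get(params.pop("signature_algorithm", None))
    if signature is None or digest is None:
        return False  # unsigned response or unknown algorithm
    expected = compute_signature(params, key, digest)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())

def build_signed_url(base, params, key):
    # Constructed helper standing in for the gateway side, for this demo only.
    signed = dict(params, signature=compute_signature(params, key),
                  signature_algorithm="HMAC-SHA256")
    return base + "?" + "&".join(
        f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in signed.items())

# Constructed sample values, not real credentials or order data.
SAMPLE_KEY = b"constructed-response-key"
SAMPLE_URL = build_signed_url("https://shop.example/return",
                              {"order_id": "ORD-1001", "status": "CHARGED"}, SAMPLE_KEY)

if __name__ == "__main__":
    print(verify_return_url(SAMPLE_URL, SAMPLE_KEY))
    print(verify_return_url(SAMPLE_URL.replace("CHARGED", "FAILED"), SAMPLE_KEY))
```

Treat a failed or missing signature as an unverified response rather than as a payment failure or success.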
It is also possible to check the status using the order/status API. Based on the response object, a success confirmation page or failure message can be shown to the customer. Since this is an authenticated call, done from the server side, signature verification is not required.