X-verify Generation

PhonePe uses X-verify signature to ensure that API requests and responses shared between your application and PhonePe have not been tampered at the time of communication between both systems. SHA256 is used to ensure the safety of transaction data.

X-verify should be generated by using a SHA256(base64 encoded Body + apiEndPoint + salt) + ### + saltIndex)

The salt key used should be appended with ### to the checksum value in the checksum attribute
If the value of any parameter is null, it should not be included in the calculation of the checksum

  • The salt key used should be appended with ### to the checksum value in the checksum attribute
  • If the value of any parameter is null, it should not be included in the calculation of the checksum