Calculate X-Verify

Step 1: Check if your JSON format is correct at https://jsonlint.com/.

Text
{ "merchantId": "DemoMerchant", "transactionId": "TX123456789", "merchantOrderId": "M123456789", "amount": 100, "instrumentType": "MOBILE", "instrumentReference": "9xxxxxxxxxx", "message": "collect for XXX order", "email": "amitxxx75@gmail.com", "expiresIn": 180, "shortName": "DemoCustomer", "subMerchant": "DemoMerchant", "storeId": "store1", "terminalId": "terminal1" }

Step 2: Encode above request to base64. You can check the correct encoding at
https://www.base64encode.org/

Text
Example of the above encoding: ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==

Step 3: Calculate X-VERIFY

SHA256(only base64 encoded str+ “/v3/service/access” + salt key) + ### + salt index

Text
SHA256 OF (ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==/v3/charge+”SALTKEY”).

SALT KEY will be shared by the PhonePe team corresponding to your Merchant ID.

Text
Example: "keyIndex":1,"key":"6b451f58-d565-4890-836f-6fb1gjt84d97", "keyIndex":2,"key":"487667h6e9-91d3-4dfa-930a-8d3813745441" Use one of the keys to generate SHA256. SHA256 OF (ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==/v3/charge6b451f58-d565-4890-836f-6fb1gjt84d97) Which will be: 83A41A36020D6FD2F0E0F02528ADB8784D7800BD56C6C743A28FC49319A4FFDAF8B40A2F3F475BD40968E4644690F874AE63AE744BCE602EC577E1BEBE2364B1

You can validate the value at https://passwordsgenerator.net/sha256-hash-generator/

Once SHA256 is calculated, you should calculate the X-VERIFY header value.

SHA256(only base64 encoded str+ “/v3/charge” + salt key) + ### + salt index

Text
X-VERIFY : 83A41A36020D6FD2F0E0F02528ADB8784D7800BD56C6C743A28FC49319A4FFDAF8B40A2F3F475BD40968E4644690F874AE63AE744BCE602EC577E1BEBE2364B1###1

Where 1 is keyIndex as shared above.

So the request should be:

Text
curl -X POST \ https://mercury-uat.phonepe.com/v3/charge \ -H 'content-type: application/json' \ -H 'x-verify: 5BB903E40D045733B3D10B2E0CC62FE4D7BC401FF98F014824DFB33B09E620AB###1' \ -d '{ "request": "ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==" }'