Calculate X-Verify
Step 1: Check if your JSON format is correct at https://jsonlint.com/.
{
"merchantId": "DemoMerchant",
"transactionId": "TX123456789",
"merchantOrderId": "M123456789",
"amount": 100,
"instrumentType": "MOBILE",
"instrumentReference": "9xxxxxxxxxx",
"message": "collect for XXX order",
"email": "[email protected]",
"expiresIn": 180,
"shortName": "DemoCustomer",
"subMerchant": "DemoMerchant",
"storeId": "store1",
"terminalId": "terminal1"
}
Step 2: Encode above request to base64. You can check the correct encoding at
https://www.base64encode.org/
Example of the above encoding:
ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==
Step 3: Calculate X-VERIFY
SHA256(only base64 encoded str+ "/v3/service/access" + salt key) + ### + salt index
SHA256 OF (ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==/v3/charge+”SALTKEY”).
SALT KEY will be shared by the PhonePe team corresponding to your Merchant ID.
Example:
"keyIndex":1,"key":"6b451f58-d565-4890-836f-6fb1gjt84d97",
"keyIndex":2,"key":"487667h6e9-91d3-4dfa-930a-8d3813745441"
Use one of the keys to generate SHA256.
SHA256 OF
(ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ==/v3/charge6b451f58-d565-4890-836f-6fb1gjt84d97)
Which will be:
83A41A36020D6FD2F0E0F02528ADB8784D7800BD56C6C743A28FC49319A4FFDAF8B40A2F3F475BD40968E4644690F874AE63AE744BCE602EC577E1BEBE2364B1
You can validate the value at https://passwordsgenerator.net/sha256-hash-generator/
Once SHA256 is calculated, you should calculate the X-VERIFY header value.
SHA256(only base64 encoded str+ "/v3/charge" + salt key) + ### + salt index
X-VERIFY : 83A41A36020D6FD2F0E0F02528ADB8784D7800BD56C6C743A28FC49319A4FFDAF8B40A2F3F475BD40968E4644690F874AE63AE744BCE602EC577E1BEBE2364B1###1
Where 1 is keyIndex as shared above.
So the request should be:
curl -X POST \
https://mercury-uat.phonepe.com/v3/charge \
-H 'content-type: application/json' \
-H 'x-verify: 5BB903E40D045733B3D10B2E0CC62FE4D7BC401FF98F014824DFB33B09E620AB###1' \
-d '{
"request": "ewoJIm1lcmNoYW50SWQiOiAiRGVtb01lcmNoYW50IiwKCSJ0cmFuc2FjdGlvbklkIjogIlRYMTIzNDU2Nzg5IiwKCSJtZXJjaGFudE9yZGVySWQiOiAiTTEyMzQ1Njc4OSIsCgkiYW1vdW50IjogMTAwLAoJImluc3RydW1lbnRUeXBlIjogIk1PQklMRSIsCgkiaW5zdHJ1bWVudFJlZmVyZW5jZSI6ICI5eHh4eHh4eHh4eCIsCgkibWVzc2FnZSI6ICJjb2xsZWN0IGZvciBYWFggb3JkZXIiLAoJImVtYWlsIjogImFtaXR4eHg3NUBnbWFpbC5jb20iLAoJImV4cGlyZXNJbiI6IDE4MCwKCSJzaG9ydE5hbWUiOiAiRGVtb0N1c3RvbWVyIiwKCSJzdWJNZXJjaGFudCI6ICJEZW1vTWVyY2hhbnQiLAoJInN0b3JlSWQiOiAic3RvcmUxIiwKCSJ0ZXJtaW5hbElkIjogInRlcm1pbmFsMSIKfQ=="
}'
Updated over 3 years ago