Appearance
Securities
Newest version of API implements :
- Authorization Basic Header
- Usage of secure data signature. We will provide you Hash Key that only you know.
- Unique external_id and it's all different to every merchant
- Combination usage of hash key + external id + order_id to make sure all the data is send from merchant, and ultimately yours.
- Every callback from MC Payment contain mcp-signature that merchant need to handle, to make sure that every signature from us is legit based on your create signature and requested data
Request Header
| Key | Value | Requirement | Description |
|---|---|---|---|
| Authorization | "Basic "+ Base64(merchant_id+":"+secret_unbound_id) | M | Previous version was using combination of api_key:secret_key, please adjust to the newest combination |
Content-Type | application/json | M | |
x-req-signature | sha256(hash_key+external_id+order_id) | M | Unique signature every request. |
x-version | v3 | M | Internal Merchant Information (not Payment gateway version) |
| sub-merchant-id | merchant_id | C | It is mandatory if a merchant is a sub-merchant. When sending sub-merchant-id, use the hash_key of that submerchant. And the value of sub-merchant-id is submerchant_name. |