1.3 What if implementing HMAC hashing in my chosen scripting language is difficult?

If your programming language, unlike PHP, does not have an easy-to-use implementation of the HMAC function, you can POST your data string, secret key and merchant vendor ID to the following URL, using the cURL library or its equivalent:


POST parameter names and data examples

Please note that the data string MUST be in the same order as shown in Section 2.1 above.

vendor = demo
data = 11111Demo Merchants1231232000722123456test@demo.comdemokesparam1param201
key = yoursecuritykey

The HTTP stream returned is the hashid that you should use. If the HTTP stream returns the string “invalid”, then one or more of your parameters is incorrect. The hashid is then supplied as one of the parameters sent to the iPay payment system for verification, as shown in Section 1.1.

iPay – Payments made Easy :: version 3.0
Please URL-encode your Call Back URL AFTER you hash the data string.
This URL-encoded Call Back value is the one that you should post in the iPay gateway URL parameter [cbk].
Please DO NOT hash the URL-encoded value of your Call Back URL.
The HMAC algorithm used here is SHA1; it is not for use with the other hashing algorithms.
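
The ordering rule above (hash the raw Call Back URL, then URL-encode it for posting), shown with HMAC-SHA1 computed locally using Python's standard library. This is an added example, not iPay's own code: the field names other than `cbk`, the sample values, and the hex output format (the default of PHP's `hash_hmac`) are assumptions; the real fields and their order are those of Section 2.1.

```python
import hashlib
import hmac
from urllib.parse import quote_plus


def hmac_sha1_hex(data_string, secret_key):
    """HMAC-SHA1 of the data string, keyed with the merchant secret key.

    Hex output is an assumption (it is what PHP's hash_hmac returns by default).
    """
    return hmac.new(secret_key.encode("utf-8"),
                    data_string.encode("utf-8"),
                    hashlib.sha1).hexdigest()


def prepare_fields(ordered_fields, secret_key):
    """Return (hashid, fields_to_post) for (name, value) pairs in gateway order.

    The hash covers the raw values, including the unencoded Call Back URL.
    Only afterwards is the cbk value URL-encoded for posting.
    """
    data_string = "".join(value for _, value in ordered_fields)
    hashid = hmac_sha1_hex(data_string, secret_key)
    to_post = [(name, quote_plus(value) if name == "cbk" else value)
               for name, value in ordered_fields]
    return hashid, to_post


# Constructed sample: "order_id" and "amount" are hypothetical placeholders
# standing in for the fields listed in Section 2.1; the URL is made up.
SAMPLE_FIELDS = [
    ("order_id", "1001"),
    ("amount", "250"),
    ("cbk", "https://shop.example/ipay/callback?order=1001"),
]
SAMPLE_KEY = "yoursecuritykey"

if __name__ == "__main__":
    hashid, to_post = prepare_fields(SAMPLE_FIELDS, SAMPLE_KEY)
    print("hashid:", hashid)
    print("cbk to post:", dict(to_post)["cbk"])
    # The mistake the notes warn about: hashing the already-encoded value
    # produces a different hash, which will not match what the gateway expects.
    wrong = hmac_sha1_hex("1001250" + dict(to_post)["cbk"], SAMPLE_KEY)
    print("hash over encoded cbk differs:", wrong != hashid)
```
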

If your Vendor ID ($vendor_ref) is not yet registered with iPay, you will get an error stating this and showing you how to remedy it.