The ControlKey variable passed back to the merchant is calculated using the following algorithm.
The message is created as below, with the {x} being replaced by the values for each field:
"MerchantIdentifier={x};MerchantReference={x};CorrelationIdentifier={x};CustomerIdentifier={x};CardNumber={x};Amount={x};TransactionReference={x};ErrorCode={x};ErrorDescription={x};BankReference={x};BankResponseCode={x};BankResponseDescription={x}”
If the MerchantTokenReference is different from the CustomerIdentifier then it must also be included in the ControlKey:
"MerchantIdentifier={x};MerchantReference={x};CorrelationIdentifier={x};CustomerIdentifier={x};MerchantTokenReference={x};CardNumber={x};Amount={x};TransactionReference={x};ErrorCode={x};ErrorDescription={x};BankReference={x};BankResponseCode={x};BankResponseDescription={x}”
The message is then encrypted with the merchant’s encryption key. [Merchant user encryption key saved in the payment gateway and setup by the merchant using the Payserver application - https://psp.vodacompaymentgateway.co.za/PayserverAdmin/Administration/LogOn ].
Example Encryption method (C#)
private string EncryptTheControlKey(string message, string key)
{
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(key);
HMACSHA256 hmacsha256 = new HMACSHA256(keyByte);
byte[] messageBytes = encoding.GetBytes(message);
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
return ByteToString(hashmessage);
}
Continue to 4.4 Appendix D: Payment Gateway Response Codes
Return to 4.2 Appendix B: Encryption Algorithms
Return to Contents