Authorisation

The authorisation string should be generated by taking the steps listed below. Code examples are provided further down the page along with PHP helper classes.

To test the authorisation string your app generates matches the expected authorisation string, or to assist with debugging why an authorisation string is not working you can use the Auth Test Demo

The steps required to generate the authorisation string are as follows:

  • Generate a GMT datetime stamp with format: YmdHis
  • Concatenate the following values, in the order shown, into a query string:
    • Channel ID
    • Channel base currency
    • Transaction total in base currency
    • The GMT datetime stamp
  • Hash the string using sha256
  • Append the channel secret to the hashed string and hash again, again with sha256
  • Append the datetime stamp to this hashed and salted string

Extending Authorisation

If there are other items included in the transaction that you wish to insure against tampering, these values can also be included in the authstring.

The following fields can be included in any implementation:

  • country
  • date
  • email
  • firstname
  • reference
  • surname

You can also include the following in the Data Object Implementaion

  • allocations
  • charge_channel

IMPORTANT

  • If you include additional values in the authstring, you must declare them via the Verify Option.
  • Values must be concatenated in alphabetical order of the field they relate to with the timestamp appended afterwards
  • If you are including allocations in your authstring, the order of the fields in the allocation objects must match the order of the fields passed to the init method.
  • Arrays must be json encoded

Examples

If the language you use does not have examples shown, please send a request to techsupport@trustmytravel.com indicating the coding language you are using.

PHP

A TmtAuthstring\Create class is available on the TMT Github Page along with instructions on implementation, or you can write your own using the examples below:

Basic Implementation

// Get current time in GMT.
$time_now = new DateTime('now', new DateTimeZone('GMT'));

// Create timestamp in 'YmdHis' format. E.g. 20190812055213 
$timestamp = $time_now->format('YmdHis');

// Concatenate the values for channels, currencies, total and your timestamp in that order.
$booking_vars = [
    'channels'   => 2,
    'currencies' => 'USD',
    'total'      => 9999,
    'timestamp'  => $timestamp,
];

$string = implode('&', $booking_vars);

// SHA256 the string.
$auth_string = hash( 'sha256', $string );

// Fetch your channel secret and concatenate to string.
$secret = 'MYCHANNELSECRET123';
$salted_auth_string = hash( 'sha256', $auth_string . $secret );

// Concatenate with timestamp.
$final_auth_string = $salted_auth_string . $timestamp;

Extended

// Get current time in GMT.
$time_now = new DateTime('now', new DateTimeZone('GMT'));

// Create timestamp in 'YmdHis' format. E.g. 20190812055213 
$timestamp = $time_now->format('YmdHis');

// Concatenate the values in alphabetical order then append timestamp.
$booking_vars = [
    'allocations    => json_encode([
        [
            'channels'      => 23,
            'currencies'    => 'GBP',
            'operator'      => 'flat',
            'total'         => 1000,
        ],
    ]),
    'channels'      => 2,
    'currencies'    => 'USD',
    'reference      => 'SOMEREFERENCE',
    'total'         => 9999,
];

$booking_vars['timestamp'] = $timestamp;

$string = implode('&', $booking_vars);

// SHA256 the string.
$auth_string = hash( 'sha256', $string );

// Fetch your channel secret and concatenate to string.
$secret = 'MYCHANNELSECRET123';
$salted_auth_string = hash( 'sha256', $auth_string . $secret );

// Concatenate with timestamp.
$final_auth_string = $salted_auth_string . $timestamp;

Node JS

// Get current time in GMT.
const date = new Date();
const utcDate = new Date(date.getUTCFullYear(), date.getUTCMonth(), date.getUTCDate(), date.getUTCHours(), date.getUTCMinutes(), date.getUTCSeconds());

// Create timestamp in 'YYYYMMDDHHmmss' format. E.g. 20190812055213 
const timestamp = format(utcDate, 'YYYYMMDDHHmmss')

// Concatenate the values for channels, currencies, total and your timestamp in that order.
const bookingVars = {
    channels: 2,
    currencies: 'USD',
    total: 9999,
    timestamp: timestamp
}

let string = []
for (const key in bookingVars) {
    string.push(bookingVars[key])
}
string = string.join('&')

// SHA256 the string.
const encode = crypto.createHash('sha256').update(string).digest('hex')

// Fetch your channel secret and concatenate to string.
const { CHANNEL_SECRET } = 'MYCHANNELSECRET123'

const authString = crypto.createHash('sha256').update(
    Buffer.concat([
        new Buffer(encode),
        new Buffer(CHANNEL_SECRET)
    ])
).digest('hex')

// Concatenate with timestamp.
const appAuthString = authString + timestamp;

results matching ""

    No results matching ""