π TARAPAY Signature Verification Test
βΉοΈ Informasi: File ini untuk testing verifikasi signature TARAPAY di XAMPP
π Test 2: Callback Payment Response
| Timestamp | 1766748726107 |
| Nonce | 100e80106ba9417290f436fe252142e1 |
| Response Body | {"amount":"10000.00","completionTime":"2025-12-26T18:25:32+07:00","fee":"100","mchOrderNo":"DP20251226000010748519","merchantId":3000155,"nonceStr":"KkaEhLtIYgNyFH9w3A6frdTX4b8ijMl2","orderNo":"PAYIN39527704299792392918858414","remark":"d60f9883-1ed2-4343-b42b-e5353bfb6164","orderStatus":2,"payCode":"00020101021226740025ID.CO.BANKNEOCOMMERCE.WWW011893600490591008046002120005200006120303URE51550025ID.CO.BANKNEOCOMMERCE.WWW0215BNC2311131767850303URE5204152053033605405100005802ID5913Ayolinx_Name26014TIMOR TENG SEL6105855626233012230020045099718816358410703A0163046FF4","productCode":"31","payUrl":"https://sit-marketing-img.bankneo.co.id/qris/merchant/img/Di0aPuBJQMdO3768LCk-VuOB4H9siHFbWf3FJiIyYu4.png","settleDate":"","additionalInfo":{"RRN":"0"}} |
| Signature | kcdBnVG+AmYAn62CgUqD3yc5mrMFTBj7Wptx/iq4EZxoQxG8rqy73CqTiVKaYPakQaRKGxUs+rA9/dvYRYytg8qKkdCMu4TVDw6TLa2+3xiAmnC1tjkYAWs5RxE0B97BnuTxCPf7AqPAwz1EgryS72LQTC6y8KeCVsYnMiozUu5TrFn5gcI1t9fGsaoo+/vngl5vh3Tkps679JpFl8XoGCbxlt94l0f1UxhtlPfysUITgOvyKpl71G1yn0T8CH4JuIWpKy3VReL7pUcFkugDYyBRhxjgyzQKBMGox+icj3yzrAzw3OPCeOxQXM8y1Z1c7Brg0KLoKZXBRmRBd1atWg== |
| Order No | PAYIN39527704299792392918858414 |
| Amount | Rp 10,000.00 |
β Signature is INVALID
Content yang diverifikasi:1766748726107\n
100e80106ba9417290f436fe252142e1\n
{"amount":"10000.00","completionTime":"2025-12-26T18:25:32+07:00","fee":"100","mchOrderNo":"DP20251226000010748519","merchantId":3000155,"nonceStr":"KkaEhLtIYgNyFH9w3A6frdTX4b8ijMl2","orderNo":"PAYIN3...\n
πCreate Signature dengan Private Key
| Timestamp | 1766748726107 |
| Nonce | 100e80106ba9417290f436fe252142e1 |
| Request Body | {"amount":"10000.00","completionTime":"2025-12-26T18:25:32+07:00","fee":"100","mchOrderNo":"DP20251226000010748519","merchantId":3000155,"nonceStr":"KkaEhLtIYgNyFH9w3A6frdTX4b8ijMl2","orderNo":"PAYIN39527704299792392918858414","remark":"d60f9883-1ed2-4343-b42b-e5353bfb6164","orderStatus":2,"payCode":"00020101021226740025ID.CO.BANKNEOCOMMERCE.WWW011893600490591008046002120005200006120303URE51550025ID.CO.BANKNEOCOMMERCE.WWW0215BNC2311131767850303URE5204152053033605405100005802ID5913Ayolinx_Name26014TIMOR TENG SEL6105855626233012230020045099718816358410703A0163046FF4","productCode":"31","payUrl":"https://sit-marketing-img.bankneo.co.id/qris/merchant/img/Di0aPuBJQMdO3768LCk-VuOB4H9siHFbWf3FJiIyYu4.png","settleDate":"","additionalInfo":{"RRN":"0"}} |
β
Signature berhasil dibuat
Generated Signature:jacwr0G3BMEZBStA8bVOySKi1W/A2dveZLdd6DjZ8Jxh1ndYoUQlwEULxp/WWjrXRPggEOyOyiO6c1r7sKzTn8aiOeI6KBB/fwehW2WypCyoevQGOWCHUfWzBaHlZVOs0ClpTgRgQTudTOh3wdxb8O1YCIuLrixwios0PQjdFxMwIWvno7JC+ux0139MwlMKHZYKqJ586bQWND+WQxxaSlNS0JvqTKXgMT0v4hr1zxU0nqp4Q9yetXb+axerekSMCBcEarRT2Fsq2ONJ9hiN0P//N4kiR2lC+7zuE8YNFQ132gTQO0oHNHKmgxyfEhPaXGGrYsSHHYb0jq5YbxefSQ==
Verifikasi signature yang baru dibuat:β
Self-verification: VALID (Signature yang dibuat bisa diverifikasi dengan public key)
Example HTTP Headers untuk Request ke TARAPAY:tarapay-timestamp: 1766748726107
tarapay-nonce: 100e80106ba9417290f436fe252142e1
tarapay-signature: jacwr0G3BMEZBStA8bVOySKi1W/A2dveZLdd6DjZ8Jxh1ndYoUQlwEULxp/WWjrXRPggEOyOyiO6c1r7sKzTn8aiOeI6KBB/fwehW2WypCyoevQGOWCHUfWzBaHlZVOs0ClpTgRgQTudTOh3wdxb8O1YCIuLrixwios0PQjdFxMwIWvno7JC+ux0139MwlMKHZYKqJ586bQWND+WQxxaSlNS0JvqTKXgMT0v4hr1zxU0nqp4Q9yetXb+axerekSMCBcEarRT2Fsq2ONJ9hiN0P//N4kiR2lC+7zuE8YNFQ132gTQO0oHNHKmgxyfEhPaXGGrYsSHHYb0jq5YbxefSQ==
Content-Type: application/json
π Test 5: Decode dan Analisis Signature
Signature yang akan di-decode:
kcdBnVG+AmYAn62CgUqD3yc5mrMFTBj7Wptx/iq4EZxoQxG8rqy73CqTiVKaYPakQaRKGxUs+rA9/dvYRYytg8qKkdCMu4TVDw6TLa2+3xiAmnC1tjkYAWs5RxE0B97BnuTxCPf7AqPAwz1EgryS72LQTC6y8KeCVsYnMiozUu5TrFn5gcI1t9fGsaoo+/vngl5vh3Tkps679JpFl8XoGCbxlt94l0f1UxhtlPfysUITgOvyKpl71G1yn0T8CH4JuIWpKy3VReL7pUcFkugDYyBRhxjgyzQKBMGox+icj3yzrAzw3OPCeOxQXM8y1Z1c7Brg0KLoKZXBRmRBd1atWg==
| Base64 Length | 344 characters |
| Binary Length | 256 bytes |
| Algorithm | SHA256withRSA (assumed) |
| Key Size | RSA-2048 (256 bytes signature) |
| Hexadecimal | 91c7419d51be0266009fad82814a83df27399ab3054c18fb5a9b71fe2ab8119c684311bcaeacbbdc2a9389529a60f6a441a44a1b152cfab03dfddbd8458cad83ca8a91d08cbb84d50f0e932dadbedf18809a70b5b63918016b3947113407dec19ee4f108f7fb02a3c0c33d4482bc92ef62d04c2eb2f0a78256c627322a3352ee53ac59f981c235b7d7c6b1aa28fbfbe7825e6f8774e4a6cebbf49a4597c5e81826f196df789747f553186d94f7f2b1421380ebf22a997bd46d729f44fc087e09b885a92b2dd545e2fba5470592e8036320518718e0cb340a04c1a8c7e89c8f7cb3ac0cf0dce3c278ec505ccf32d59d5cec1ae0d0a2e82995c14664417756ad5a |
βΉοΈ Catatan Penting:
Signature is a cryptographic hash that cannot be "decoded" to reveal original data. It can only be verified against the original content using the public key.
Verifikasi signature ini dengan data payment:β Signature is INVALID
π Cara Penggunaan dalam Aplikasi
?>
1. Membuat Signature untuk Request (Client to TARAPAY)
<?php
// Generate timestamp dan nonce
$timestamp = time() . "000"; // milliseconds
$nonce = md5(uniqid(rand(), true));
// Request body (JSON)
$requestBody = json_encode([
'merchantId' => 3000155,
'mchOrderNo' => 'ORDER123',
'amount' => '10000.00'
]);
// Create signature
$result = createTarapaySignature($timestamp, $nonce, $requestBody);
if ($result['success']) {
// Send request ke TARAPAY dengan headers
$headers = [
'tarapay-timestamp: ' . $timestamp,
'tarapay-nonce: ' . $nonce,
'tarapay-signature: ' . $result['signature'],
'Content-Type: application/json'
];
}
?>
2. Verifikasi Signature dari Response (TARAPAY to Client)
<?php
// Example: Verify dari webhook/callback TARAPAY
$responseBody = file_get_contents('php://input');
$timestamp = $_SERVER['HTTP_TARAPAY_TIMESTAMP'];
$nonce = $_SERVER['HTTP_TARAPAY_NONCE'];
$signature = $_SERVER['HTTP_TARAPAY_SIGNATURE'];
$result = verifyTarapaySignature($timestamp, $nonce, $responseBody, $signature);
if ($result['valid']) {
// Signature valid, process data
$data = json_decode($responseBody, true);
// Your business logic here
} else {
// Signature invalid
http_response_code(400);
echo json_encode(['error' => $result['error']]);
}
?>
π§ System Information
| PHP Version | 8.3.28 |
| OpenSSL Extension | β
Enabled |
| Server Time | 2025-12-27 17:35:30 |