π TARAPAY Signature Verification Test
βΉοΈ Informasi: File ini untuk testing verifikasi signature TARAPAY di XAMPP
π Test 2: Callback Payment Response
| Timestamp | 1766748332157 |
| Nonce | 1a55201eba9640e8b7f9437c894c0cd9 |
| Response Body | {"amount":"10000.00","completionTime":1766748332,"fee":"100","mchOrderNo":"DP20251226000010748519","merchantId":3000155,"nonceStr":"dxCLTvl7qOtPzUeK16XWnkbrwVRAuEMc","orderNo":"PAYIN39527704299792392918858414","orderStatus":2,"payCode":"00020101021226740025ID.CO.BANKNEOCOMMERCE.WWW011893600490591008046002120005200006120303URE51550025ID.CO.BANKNEOCOMMERCE.WWW0215BNC2311131767850303URE5204152053033605405100005802ID5913Ayolinx_Name26014TIMOR TENG SEL6105855626233012230020045099718816358410703A0163046FF4","productCode":"31","payUrl":"https:\/\/sit-marketing-img.bankneo.co.id\/qris\/merchant\/img\/Di0aPuBJQMdO3768LCk-VuOB4H9siHFbWf3FJiIyYu4.png"} |
| Signature | p57wlR7C/K/m7DjMiKFWoHCWqzDOciTwfU3jXncKFeel/4QPb8KS96RuBuXweoqLSEz15bsy0cGrC1Q23RcW38+lrBxcF+6Dvm/7pRKw/50Z2xtzMGTwZ0fItJDMvXkUqk1n6BOUFrdtih4xu2Dwn4CJy7h9xPqRS4snjfhC4IveNw2xN50lEejP2Yt3XvtBGSH0Hgs4c+rEJHBVnGSjQiU9Lq1WGBQPFAoRyJzlFRSTl6kk2eL799gKHlcUknX1/F+lv+PT6fPCRHJFEmlqjiA4rNZgdLsUQsmM33Hz1/cnUO6GDEi326YXXCjbxAirDqHTZ5jrXt9GNcXmdyBsvA== |
| Order No | PAYIN39527704299792392918858414 |
| Amount | Rp 10,000.00 |
β
Signature is VALID
Content yang diverifikasi:1766748332157\n
1a55201eba9640e8b7f9437c894c0cd9\n
{"amount":"10000.00","completionTime":1766748332,"fee":"100","mchOrderNo":"DP20251226000010748519","merchantId":3000155,"nonceStr":"dxCLTvl7qOtPzUeK16XWnkbrwVRAuEMc","orderNo":"PAYIN39527704299792392918858414","orderStatus":2,"payCode":"00020101021226740025ID.CO.BANKNEOCOMMERCE.WWW011893600490591008046002120005200006120303URE51550025ID.CO.BANKNEOCOMMERCE.WWW0215BNC2311131767850303URE5204152053033605405100005802ID5913Ayolinx_Name26014TIMOR TENG SEL6105855626233012230020045099718816358410703A0163046FF4","productCode":"31","payUrl":"https:\/\/sit-marketing-img.bankneo.co.id\/qris\/merchant\/img\/Di0aPuBJQMdO3768LCk-VuOB4H9siHFbWf3FJiIyYu4.png"}...\n
πCreate Signature dengan Private Key
| Timestamp | 1766748332157 |
| Nonce | 1a55201eba9640e8b7f9437c894c0cd9 |
| Request Body | {"amount":"10000.00","completionTime":1766748332,"fee":"100","mchOrderNo":"DP20251226000010748519","merchantId":3000155,"nonceStr":"dxCLTvl7qOtPzUeK16XWnkbrwVRAuEMc","orderNo":"PAYIN39527704299792392918858414","orderStatus":2,"payCode":"00020101021226740025ID.CO.BANKNEOCOMMERCE.WWW011893600490591008046002120005200006120303URE51550025ID.CO.BANKNEOCOMMERCE.WWW0215BNC2311131767850303URE5204152053033605405100005802ID5913Ayolinx_Name26014TIMOR TENG SEL6105855626233012230020045099718816358410703A0163046FF4","productCode":"31","payUrl":"https:\/\/sit-marketing-img.bankneo.co.id\/qris\/merchant\/img\/Di0aPuBJQMdO3768LCk-VuOB4H9siHFbWf3FJiIyYu4.png"} |
β
Signature berhasil dibuat
Generated Signature:p57wlR7C/K/m7DjMiKFWoHCWqzDOciTwfU3jXncKFeel/4QPb8KS96RuBuXweoqLSEz15bsy0cGrC1Q23RcW38+lrBxcF+6Dvm/7pRKw/50Z2xtzMGTwZ0fItJDMvXkUqk1n6BOUFrdtih4xu2Dwn4CJy7h9xPqRS4snjfhC4IveNw2xN50lEejP2Yt3XvtBGSH0Hgs4c+rEJHBVnGSjQiU9Lq1WGBQPFAoRyJzlFRSTl6kk2eL799gKHlcUknX1/F+lv+PT6fPCRHJFEmlqjiA4rNZgdLsUQsmM33Hz1/cnUO6GDEi326YXXCjbxAirDqHTZ5jrXt9GNcXmdyBsvA==
Verifikasi signature yang baru dibuat:β
Self-verification: VALID (Signature yang dibuat bisa diverifikasi dengan public key)
Example HTTP Headers untuk Request ke TARAPAY:tarapay-timestamp: 1766748332157
tarapay-nonce: 1a55201eba9640e8b7f9437c894c0cd9
tarapay-signature: p57wlR7C/K/m7DjMiKFWoHCWqzDOciTwfU3jXncKFeel/4QPb8KS96RuBuXweoqLSEz15bsy0cGrC1Q23RcW38+lrBxcF+6Dvm/7pRKw/50Z2xtzMGTwZ0fItJDMvXkUqk1n6BOUFrdtih4xu2Dwn4CJy7h9xPqRS4snjfhC4IveNw2xN50lEejP2Yt3XvtBGSH0Hgs4c+rEJHBVnGSjQiU9Lq1WGBQPFAoRyJzlFRSTl6kk2eL799gKHlcUknX1/F+lv+PT6fPCRHJFEmlqjiA4rNZgdLsUQsmM33Hz1/cnUO6GDEi326YXXCjbxAirDqHTZ5jrXt9GNcXmdyBsvA==
Content-Type: application/json
π Test 5: Decode dan Analisis Signature
Signature yang akan di-decode:
kcdBnVG+AmYAn62CgUqD3yc5mrMFTBj7Wptx/iq4EZxoQxG8rqy73CqTiVKaYPakQaRKGxUs+rA9/dvYRYytg8qKkdCMu4TVDw6TLa2+3xiAmnC1tjkYAWs5RxE0B97BnuTxCPf7AqPAwz1EgryS72LQTC6y8KeCVsYnMiozUu5TrFn5gcI1t9fGsaoo+/vngl5vh3Tkps679JpFl8XoGCbxlt94l0f1UxhtlPfysUITgOvyKpl71G1yn0T8CH4JuIWpKy3VReL7pUcFkugDYyBRhxjgyzQKBMGox+icj3yzrAzw3OPCeOxQXM8y1Z1c7Brg0KLoKZXBRmRBd1atWg==
| Base64 Length | 344 characters |
| Binary Length | 256 bytes |
| Algorithm | SHA256withRSA (assumed) |
| Key Size | RSA-2048 (256 bytes signature) |
| Hexadecimal | 91c7419d51be0266009fad82814a83df27399ab3054c18fb5a9b71fe2ab8119c684311bcaeacbbdc2a9389529a60f6a441a44a1b152cfab03dfddbd8458cad83ca8a91d08cbb84d50f0e932dadbedf18809a70b5b63918016b3947113407dec19ee4f108f7fb02a3c0c33d4482bc92ef62d04c2eb2f0a78256c627322a3352ee53ac59f981c235b7d7c6b1aa28fbfbe7825e6f8774e4a6cebbf49a4597c5e81826f196df789747f553186d94f7f2b1421380ebf22a997bd46d729f44fc087e09b885a92b2dd545e2fba5470592e8036320518718e0cb340a04c1a8c7e89c8f7cb3ac0cf0dce3c278ec505ccf32d59d5cec1ae0d0a2e82995c14664417756ad5a |
βΉοΈ Catatan Penting:
Signature is a cryptographic hash that cannot be "decoded" to reveal original data. It can only be verified against the original content using the public key.
Verifikasi signature ini dengan data payment:β Signature is INVALID
π Cara Penggunaan dalam Aplikasi
?>
1. Membuat Signature untuk Request (Client to TARAPAY)
<?php
// Generate timestamp dan nonce
$timestamp = time() . "000"; // milliseconds
$nonce = md5(uniqid(rand(), true));
// Request body (JSON)
$requestBody = json_encode([
'merchantId' => 3000155,
'mchOrderNo' => 'ORDER123',
'amount' => '10000.00'
]);
// Create signature
$result = createTarapaySignature($timestamp, $nonce, $requestBody);
if ($result['success']) {
// Send request ke TARAPAY dengan headers
$headers = [
'tarapay-timestamp: ' . $timestamp,
'tarapay-nonce: ' . $nonce,
'tarapay-signature: ' . $result['signature'],
'Content-Type: application/json'
];
}
?>
2. Verifikasi Signature dari Response (TARAPAY to Client)
<?php
// Example: Verify dari webhook/callback TARAPAY
$responseBody = file_get_contents('php://input');
$timestamp = $_SERVER['HTTP_TARAPAY_TIMESTAMP'];
$nonce = $_SERVER['HTTP_TARAPAY_NONCE'];
$signature = $_SERVER['HTTP_TARAPAY_SIGNATURE'];
$result = verifyTarapaySignature($timestamp, $nonce, $responseBody, $signature);
if ($result['valid']) {
// Signature valid, process data
$data = json_decode($responseBody, true);
// Your business logic here
} else {
// Signature invalid
http_response_code(400);
echo json_encode(['error' => $result['error']]);
}
?>
π§ System Information
| PHP Version | 8.3.30 |
| OpenSSL Extension | β
Enabled |
| Server Time | 2026-02-26 22:13:19 |