Search code examples
c#asp.netmd5opayo

Opayo API - Unable to validate signature

I have been trying to connect to the Opayo 'Reporting & Admin API' and use the command 'getTransactionDetail' (https://developer-eu.elavon.com/docs/opayo-reporting-api/reporting-commands/gettransactiondetail), but keep getting back error 0010, which indicates that the API Cannot validate the signature value. We have been able to login with our Vendor/Username/Password combination, validating that they are all correct.

The code we are using when sending a POST to the API is below - with certain elements blocked out for security purposes.

using System;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Text;
using System.Net;

public partial class test : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string signature = "<command>getTransactionDetail</command><vendor>[Vendor]</vendor><user>[User]</user><vendortxcode>[VendorTXCode]</vendortxcode><password>[Password]</password>";

        using (MD5 md5 = MD5.Create())
        {
            byte[] inputBytes = Encoding.Unicode.GetBytes(signature);
            byte[] hashBytes = md5.ComputeHash(inputBytes);

            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < hashBytes.Length; i++)
            {
                sb.Append(hashBytes[i].ToString("X2"));
            }
            signature = sb.ToString();
        }

        string xmlToPost = "<vspaccess><command>getTransactionDetail</command><vendor>[Vendor]</vendor><user>[User]</user><vendortxcode>[VendorTXCode]</vendortxcode><signature>" + signature + "</signature></vspaccess>";

        using (WebClient client = new WebClient())
        {
            client.BaseAddress = "https://test.sagepay.com";
            client.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
            client.Encoding = Encoding.UTF8;

            var content = new NameValueCollection()
            {
                { "XML", xmlToPost }
            };

            string response = Encoding.UTF8.GetString(client.UploadValues("/access/access.htm", content));
        }
    }
}

Any help in resolving this issue would be appreciated!

Solution

  • Turns out due to the fact we were using Forms integration for our initial payment, we had to instead use the following API documentation: https://developer-eu.elavon.com/docs/opayo/spec/api-reference

    More specifically this part related to repeats: https://developer-eu.elavon.com/docs/opayo/spec/api-reference#operation/createTransaction

    Note the code examples on the right hand side!