Integrity Digest
The Integrity Digest works in conjunction with Prepared Payments, Idempotency Tokens, and Webhooks to provide a secure and predictable transaction flow for online payments.
When creating a payment request using either Prepared Payments or directly with Transact the merchant may include an IntegritySecret. In subsequent responses and webhooks this secret will be used to create a cryptographic hash of key response fields named IntegrityDigest.
If you use a static secret you should rotate it regularly, or you can use a unique secret per call.
IntegritySecret must only be sent over direct channels, Prepared Payments or Payments API. Never include the IntegritySecret on public web pages as this will compromise the security of the resulting IntegrityDigest.
Request Fields
| Field Name | Description | Req'd | Size | Type |
|---|---|---|---|---|
| IntegritySecret | Provides a secret only known to the merchant | O | 50 max. | A |
Response Fields
| Field Name | Description | Size | Type |
|---|---|---|---|
| IntegrityDigest | Contains a hash of key response fields to confirm the authenticity of the raw data | 20 max. | A |
Validating the Integrity Digest
TransactDirect provides a simple enpoint to validate the IntegrityDigest.
https://elite.monek.com/secure/IntegrityCheck.ashx
| Field Name | Description | Source | Req'd | Size | Type |
|---|---|---|---|---|---|
| IntegritySecret | The secret used to create the transaction | Req | M | 50 max. | A |
| IdempotencyToken | The idempotency token from the request | Req | O | 50 max. | A |
| PaymentReference | The merchants payment reference | Req | O | 50 max. | A |
| Amount | The transaction amount | Req/Res | M | 10 max. | A |
| CurrencyCode | The transaction currency code | Req/Res | M | 3 | A |
| IntegrityDigest | The digest received in the transaction response | Res | M | 50 max. | A |
| RequestTime | The request time as confirm in the transaction response | Res | M | 25 max. | ISO 8601 |
| CrossReference | The transaction Cross Reference | Res | M | 50 max. | A |
| ResponseCode | The 2 digit transaction response code | Res | M | 1 | A |
| ResponseMessage | The response message text | Res | M | 80 max. | A |
If the Integrity hash is correct then IntegrityCheck.ashx will return a 200 OK response code.
In all other scenarios, including missing or bad data, the response code will be 400 BAD REQUEST