Computing Request Validation Hash

It is important to verify that events originate from Monnify to avoid delivering value based on a counterfeit event. Whenever Monnify sends a notification, a hash of the request body is computed and set in the request header with the key 'monnify-signature'. We expect you to recreate the hash and only accept or honor the notification if your computed hash matches the one sent by Monnify.

To calculate the hash value, hash the whole request body object with your unique client secret as the key. The data to be hashed is passed as a string alongside the client secret.

Guide on computing transaction Hash

Step 1: First, you need to know your client secret key. It can be found in the developers section of your dashboard.

Step 2: When computing the transaction hash, you need to capture the whole body of the request as an object, because both your client key and the whole request body object are needed to verify the hash received.

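Step 3: The hashing algorithm to be used is SHA-512. There should be no spaces in generating the hash value.

Do a SHA-512 encoding of your client secret key and the object of the request body, i.e. SHA-512 (client secret key + object of request body). The code samples below do this as an HMAC-SHA512, with the client secret as the key and the stringified request body as the message.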

Example Scenario

Sample Client Key: 91MUDL9N6U3BQRXBQ2PJ9M0PW4J22M1Y

Sample Request

```json
{
  "eventData": {
    "product": {
      "reference": "111222333",
      "type": "OFFLINE_PAYMENT_AGENT"
    },
    "transactionReference": "MNFY|76|20211117154810|000001",
    "paymentReference": "0.01462001097368737",
    "paidOn": "17/11/2021 3:48:10 PM",
    "paymentDescription": "Mockaroo Jesse",
    "metaData": {},
    "destinationAccountInformation": {},
    "paymentSourceInformation": {},
    "amountPaid": 78000,
    "totalPayable": 78000,
    "offlineProductInformation": {
      "code": "41470",
      "type": "DYNAMIC"
    },
    "cardDetails": {},
    "paymentMethod": "CASH",
    "currency": "NGN",
    "settlementAmount": 77600,
    "paymentStatus": "PAID",
    "customer": {
      "name": "Mockaroo Jesse",
      "email": "111222333@ZZAMZ4WT4Y3E.monnify"
    }
  },
  "eventType": "SUCCESSFUL_TRANSACTION"
}
```

Hashed Value: f04fb635e04d71648bd3cc7999003da6861483342c856d05ddfa9b2dafacb873b0de1d0f8f67405d0010b4348b721c49fa171d317972618debba6b638aedcd3c.


Computing the Request Validation Hash (Node.js)

```javascript
const sha512 = require('js-sha512').sha512;

const DEFAULT_MERCHANT_CLIENT_SECRET = '91MUDL9N6U3BQRXBQ2PJ9M0PW4J22M1Y'

// HMAC-SHA512 of the stringified request body, keyed with the client secret (hex output).
const computeHash = (requestBody) => {
    const result = sha512.hmac(DEFAULT_MERCHANT_CLIENT_SECRET, requestBody)
    return result
}

// The body is hashed as a compact string with no added spaces.
const stringifiedRequestBody = '{"eventData":{"product":{"reference":"111222333","type":"OFFLINE_PAYMENT_AGENT"},"transactionReference":"MNFY|76|20211117154810|000001","paymentReference":"0.01462001097368737","paidOn":"17/11/2021 3:48:10 PM","paymentDescription":"Mockaroo Jesse","metaData":{},"destinationAccountInformation":{},"paymentSourceInformation":{},"amountPaid":78000,"totalPayable":78000,"offlineProductInformation":{"code":"41470","type":"DYNAMIC"},"cardDetails":{},"paymentMethod":"CASH","currency":"NGN","settlementAmount":77600,"paymentStatus":"PAID","customer":{"name":"Mockaroo Jesse","email":"111222333@ZZAMZ4WT4Y3E.monnify"}},"eventType":"SUCCESSFUL_TRANSACTION"}';
const computedHash = computeHash(stringifiedRequestBody);
console.log("Computed hash", computedHash);
```

Computing the Request Validation Hash (PHP)

```php
<?php

class CustomTransactionHashUtil
{
    // HMAC-SHA512 of the stringified request body, keyed with the client secret (hex output).
    public static function computeSHA512TransactionHash($stringifiedData, $clientSecret)
    {
        $computedHash = hash_hmac('sha512', $stringifiedData, $clientSecret);
        return $computedHash;
    }
}

$DEFAULT_MERCHANT_CLIENT_SECRET = '91MUDL9N6U3BQRXBQ2PJ9M0PW4J22M1Y';
$data = '{"eventData":{"product":{"reference":"111222333","type":"OFFLINE_PAYMENT_AGENT"},"transactionReference":"MNFY|76|20211117154810|000001","paymentReference":"0.01462001097368737","paidOn":"17/11/2021 3:48:10 PM","paymentDescription":"Mockaroo Jesse","metaData":{},"destinationAccountInformation":{},"paymentSourceInformation":{},"amountPaid":78000,"totalPayable":78000,"offlineProductInformation":{"code":"41470","type":"DYNAMIC"},"cardDetails":{},"paymentMethod":"CASH","currency":"NGN","settlementAmount":77600,"paymentStatus":"PAID","customer":{"name":"Mockaroo Jesse","email":"111222333@ZZAMZ4WT4Y3E.monnify"}},"eventType":"SUCCESSFUL_TRANSACTION"}';
$computedHash = CustomTransactionHashUtil::computeSHA512TransactionHash($data, $DEFAULT_MERCHANT_CLIENT_SECRET);
echo $computedHash;
?>
```

Computing the Request Validation Hash (Java)

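```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.util.Formatter;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TransactionHashUtil {

    private static final String HMAC_SHA512 = "HmacSHA512";

    // Lower-case hex encoding of the MAC bytes.
    private static String toHexString(byte[] bytes) {
        Formatter formatter = new Formatter();
        for (byte b : bytes) {
            formatter.format("%02x", b);
        }
        return formatter.toString();
    }

    // HMAC-SHA512 of the stringified request body, keyed with the client secret.
    public String calculateHMAC512TransactionHash(String data, String merchantClientSecret)
            throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
        // Fix the charset so the result does not depend on the platform default.
        SecretKeySpec secretKeySpec =
                new SecretKeySpec(merchantClientSecret.getBytes(StandardCharsets.UTF_8), HMAC_SHA512);
        Mac mac = Mac.getInstance(HMAC_SHA512);
        mac.init(secretKeySpec);
        return toHexString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }
}
```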
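The samples above only compute the hash. The receiving-side check against the 'monnify-signature' header is sketched below as an added example (not Monnify's code), using Node's built-in crypto module rather than js-sha512. The function names and the shortened request body are constructed for illustration; the demo signs the body locally to stand in for the sender.

```javascript
const crypto = require('crypto');

// Sample client secret from this page; in production load it from configuration.
const CLIENT_SECRET = '91MUDL9N6U3BQRXBQ2PJ9M0PW4J22M1Y';

// HMAC-SHA512 over the exact bytes received, hex-encoded (as in the samples above).
function computeSignature(rawBody, secret) {
  return crypto.createHmac('sha512', secret).update(rawBody).digest('hex');
}

// Returns true only if the header carries a well-formed signature that matches.
function isValidNotification(rawBody, signatureHeader, secret) {
  if (typeof signatureHeader !== 'string' || !/^[0-9a-fA-F]{128}$/.test(signatureHeader)) {
    return false; // missing, truncated or non-hex header
  }
  const expected = Buffer.from(computeSignature(rawBody, secret), 'hex');
  const received = Buffer.from(signatureHeader, 'hex');
  // Both buffers are 64 bytes here, so timingSafeEqual cannot throw on length.
  return crypto.timingSafeEqual(expected, received);
}

// Constructed demo: a shortened body in the page's format, signed locally.
function demo() {
  const text = '{"eventData":{"transactionReference":"MNFY|76|20211117154810|000001",' +
    '"amountPaid":78000,"paymentStatus":"PAID"},"eventType":"SUCCESSFUL_TRANSACTION"}';
  const rawBody = Buffer.from(text, 'utf8');
  const header = computeSignature(rawBody, CLIENT_SECRET);

  // Re-serializing the parsed JSON with whitespace changes the bytes, so the hash differs.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(text), null, 2), 'utf8');
  // A body whose amount was altered in transit.
  const tampered = Buffer.from(text.replace('78000', '780000'), 'utf8');

  return {
    genuine: isValidNotification(rawBody, header, CLIENT_SECRET),
    reserialized: isValidNotification(reserialized, header, CLIENT_SECRET),
    tampered: isValidNotification(tampered, header, CLIENT_SECRET),
    wrongSecret: isValidNotification(rawBody, header, 'not-the-client-secret'),
    missingHeader: isValidNotification(rawBody, undefined, CLIENT_SECRET),
  };
}

console.log(demo());
```

In a web framework, pass the raw request bytes to `isValidNotification` before any JSON parsing, and reject the notification when it returns false.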