The integrity of S2S exchanged data between Tinaba and the Merchant server is based on a shared secret exchanged offline.
This secret will need to be used in each call to generate a digest (via HMAC)
The digest must be sent using the “signature” field in each request.
The digest will need to be realized, starting with an agreed clear message, using the SHA256 protocol on that message. The result must then be subjected to base64 encoding, before being sent over the network.
signature = base64(SHA256(<merchantId><externalId><amount><currency><creationDate><creationTime><secret>))
Merchant identifier agreed between TINABA and merchant
|Name of domain||Description|
|merchantId||Merchant identifier agreed between TINABA and merchant|
|externalId||Identification of the checkout your merchant server|
|amount||Amount in cents|
|creationDate||The date the payment was created on the merchant’s server (yyyyMMdd date format)|
|creationTime||The time the payment was created on the merchant’s server (time hhmmss format)|
|secret||Secret shared offline between Tinaba and merchant|
For more information, see the documentation for individual API calls: