I send ajax request to https://api.privatbank.ua/p24api/balance () . This api accepts an xml document. In the answer I receive invalid signature.

Display from Privatbank docs:

The request signature is calculated as follows (PHP): $ sign = sha1 (md5 ($ data. $ Password)); $ data - the content of the tag of this request; $ password - merchant personal password

Link to documentation: https://api.privatbank.ua/balance.html

How exactly do you need to format the contents of the data tag?

Signature calculation:

$pass="***************"; $data="<oper>cmt</oper><wait>0</wait><test>0</test><payment><prop name=\"cardnum\" value=\"*************\"></prop><prop name=\"country\" value=\"UA\"></prop></payment>"; $sign =sha1(md5($data.$pass));

and the Ajax request code itself:

 var xml = '' + '<\?xml version="1.0" encoding="UTF-8"\?>'+ '<request version="1.0">'+ '<merchant>'+ '<id>mercaht-id</id>'+ '<signature>'+'<?$sign?>'+'</signature>'+ '</merchant>'+ '<data>'+ '<oper>cmt</oper>'+ '<wait>0</wait>'+ '<test>0</test>'+ '<payment id="">'+ ' <prop name="cardnum" value="cart-number" />'+ ' <prop name="country" value="UA" />'+ '</payment>'+ '</data>'+ '</request>'; function Privat24Info(){ var request = new XMLHttpRequest(); request.open("POST", "https://api.privatbank.ua/p24api/balance", false); request.send(xml); alert(request.responseText); }
  • In the above code, the contents of the $data variable and the <data> in the xml variable are different. At a minimum, the presence of spaces before the tags <prop> . - Yaant
  • @Yaant I understand, I tried a variety of options. Invalid signature anyway - Klaod
  • one
    There is no need to try the options here. You just need to make sure that the contents of your $data and the corresponding substring in xml match up to a byte. From the question in its current form, this is not a drop obvious ... - Yaant
  • @Yaant now try, thanks - Klaod
  • @Yaant solved the problem, it was a mismatch - Klaod

2 answers 2

 $pass = 'GURY0F2GRfK84vANld3lno13jSw1v66L'; $data = '<oper>cmt</oper>'; $data .= '<wait>0</wait>'; $data .= '<test>0</test>'; $data .= '<payment id="">'; $data .= '<prop name="sd" value="01.10.2016" />'; $data .= '<prop name="ed" value="30.10.2016" />'; $data .= '<prop name="card" value="'.$card.'" />'; $data .= '</payment>'; $sign = sha1(md5($data.$pass));

Here, this code works for me

    I think the problem here is not at all in the data, but in the mode of transmission. You are using Ajax, and this is already a cross-domain query, which can be denied on the privat24 side. I recommend to implement it with curl or something like that. Example from privat

    Although in the code you found an error: enter image description here Maybe there is a reason for it ...