Response site security
If site security is enabled on your site, you will also receive a hashed responsesitesecurity value in any redirects or URL notifications sent to your system. We strongly recommend that you recalculate the responsesitesecurity hash returned, to ensure it has not been modified by a customer or third party and that the fields were sent by Trust Payments.
Follow these steps to generate the hash:
Important: Do not include the value of the notificationreference or responsesitesecurity fields. These are not used to generate the hash.
The password used when generating the hash is the same password previously agreed with the Support team when configuring your site security.
For example, consider a redirect or URL notification with the following fields:
- errorcode = 0
- orderreference = Order
- paymenttypedescription = VISA
- requestreference = RR555
- settlestatus = 0
- sitereference = test_site12345
- transactionreference = 2-44-66
Using the example above, we would have the following string generated, with your agreed password appended at the end of the string:
(Any blank fields are omitted from the hash)
This generates the value that should be returned in the field responsesitesecurity, in redirects or URL notifications to your system (using the field values specified in step 1):
Note: The response site security isn’t prefixed with a “h” as in the request site security.
Check the hash matches
For valid redirects or URL notifications, the response site security hash that we generate must match the value you have generated using the steps above. This indicates that Trust Payments was the source of the redirect or URL notification and that it has not been modified by the customer or a third party. If the hash you generate does not match that returned in the redirect or URL notification, this potentially indicates that a field has been modified or that there is some other problem with the redirect. Please contact our Support Team for assistance.