Verifying the signature of a notification
Link https://merchant.alikassa.com/cabinet/form/setting-api-certs generate "API certificate for notifications", save the archive, unpack
- public.pem
Wrap all GET data in json (in the same order) and sign
$verif = openssl_verify(json_encode([
'type' => $_GET['type'],
'id' => (int) $_GET['id'],
'order_id' => $_GET['order_id'],
'payment_status' => $_GET['payment_status'],
'amount' => $_GET['amount'],
'payment_amount' => $_GET['payment_amount'],
'commission_amount' => $_GET['commission_amount'],
'is_partial_payment' => $_GET['is_partial_payment'],
'account' => $_GET['account'],
'service' => $_GET['service'],
'desc' => $_GET['desc'],
]),
base64_decode($_GET['sign']),
file_get_contents('./certs/notification/public.pem'));
if (!$verif) {
throw new \Exception;
}| Name | Type | Description |
|---|---|---|
| type | string | payment or payout |
| id | int | Id AliKassa |
| order_id | string | Your id |
| payment_status | string | Payment status wait — in the process of payment paid — successfully paid (final status) cancel — canceled (final status) fail — error (final status) |
| amount | string | Amount |
| payment_amount | string | Payment amount |
| commission_amount | string | Commission amount |
| is_partial_payment | bool | Is the payment partial? |
| account | string | Account |
| service | string | Service (Account, Acceptance Methods) |
| desc | string | Description |
| sign | string | Request signature |