Hash Signature
Hashing is the process of converting an input of any length into a fixed sized string of text involving a mathematical function, this generates an array of letters and number through an algorithm.
Represent data as a short string.
- Impossible to recover the data from the produced hashing output.
- Verify the downloaded document.
- Using for digital signature (authentication, non-repudiation and integrity).
Digital signature can be generated, when hashes with asymmetric encryption were combined. This provides:
Integrity: The message was received is the same message that originally was sent. Authentication: The message which received is really sent by sender.
Non-repudiation: The received message is not fake or provide by third party.
Ottu using hash-signature to support the security and trustability, by hashing part of the payload parameters and send hash-signature with every payload. This allows Ottu to ensure the data has not modified or cut within the payment transition process.
SHA256
amount
currency_code
customer_first_name
customer_last_name
customer_email
customer_phone
customer_address_line1
customer_address_line2
customer_address_city
customer_address_state
customer_address_country
customer_address_postal_code
gateway_name
gateway_account
order_no
reference_number
result
state
Ottu using the key defined by the merchant.

Fill the Key field and click save.

In order to ensure that the hashing is completed properly, Ottu uses a signing API. Signing API should be limited to validation of implementation, not signing of responses.
End point <ottu-url>/b/pbl/v2/sign
Request body
{
"amount":"86.00",
"currency_code":"KWD",
"customer_first_name":"example-customer"
}
Response body
{
"signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}
Hashing KEY=3323232
our key: 3323232
message-before---->:
[('amount', '86.00'),
('currency_code', 'KWD'), ('customer_first_name', 'example-customer')]
message-after-----> amount86.00currency_codeKWDcustomer_first_nameexample-customer
------- HASHING IS DONE ----------
Out[2]: ('5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a')
Hashing KEY=3323232
End point <ottu-url>/b/pbl/v2/sign
Request body
{
"amount":"86.00",
"currency_code":"KWD",
"customer_first_name":"example-customer"
}
Response body
{
"signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}
The generated hash-signature by two sides are exactly the same.
Hashing KEY=3323232
our key: 3323232
message-before---->:
[('amount', '86.00'),
('currency_code', 'KWD'), ('customer_first_name', 'example-customer')]
message-after-----> amount86.00currency_codeKWDcustomer_first_nameexample-customer
------- HASHING IS DONE ----------
Out[2]: ('5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a')
Hashing KEY=1234 From the merchant dashboard administration panel, change the Hashing KEY to 1234
Request body
{
"amount":"86.00",
"currency_code":"KWD",
"customer_first_name":"example-customer"
}
Response body
{
"signature":"5ea4c38edb1133e6ea5ba25322ce486c435ab04f14f20dae056a09e14946847a"
}
The generated hash-signatures by two sides are not the same.
Ottu enables merchant(s) to determine the IP list for accessing the API.
.png?alt=media&token=3c5e906a-2a6d-4703-afc0-cb32236ed4c7)
Check Enable API, and fill the IP address, then click save button.
.png?alt=media&token=713649c0-70b1-4b0f-8be3-f668a4235c93)
In conjunction with the payment transaction type, the whitelisting IP address should be applied to the checkout API. For instance, type of payment transaction is ecommerce.
.png?alt=media&token=70a29211-9574-47ac-bacc-423f48872774)
Fill the IP address, then click save button.
.png?alt=media&token=2d7e8356-8f7d-4e4d-a3a5-c40d84b7c059)
Last modified 3mo ago