Trustly Docs

Authentication

Use a signature to secure authenticity and data integrity for communicating with Trustly's API
Updated 1 month ago

Overview

Signatures created with private keys and verified with public keys are used to ensure sender authenticity and data integrity.

  • All requests from the merchant shall be signed with the merchant's private key. Trustly will verify the signature of the request using the merchant's public key.

  • All responses from Trustly are signed with Trustly's private key and should be verified by the merchant using Trustly's public key.

Key generation

You can generate your private and public keys with OpenSSL:

Private
Public
openssl genrsa -out private.pem 2048

If you are using Windows you will have to install OpenSSL for Windows in order to run the OpenSSL commands above.

The file public.pem should then be sent to the integration team at Trustly (integration@trustly.com).

Trustly's public keys

Trustly's public keys for TEST and LIVE.


Serialising and signing your request

The signature is the Base64 encoding of the RSA signature computed over the plaintext [Method, concatenated with UUID, concatenated with a serialisation of the Data{} object]. The serialisation is done by concatenating all scalars, hash keys, hash values and array values together, sorted ASCIIbetically. ("Null" is treated as an empty string.)

Please see the simple PHP example below for clarification, and try our signature tester; it will show you how to serialise and sign any data.

Serialise and signing
<?php
function serialize_data($object) {
    $serialized = '';
    if( is_array($object) ) {
        ksort($object); //Sort keys
        foreach($object as $key => $value) {
            if(is_numeric($key)) { //Array: values only, in index order
                $serialized .= serialize_data($value);
            } else { //Hash: key followed by its value
                $serialized .= $key . serialize_data($value);
            }
        }
    } else return $object; //Scalar (null concatenates as an empty string)
    return $serialized;
}

function sign($method, $uuid, $data) {
    $merchant_private_key = openssl_get_privatekey(file_get_contents(
                                'merchant_private_key.pem'
                            ));
    $plaintext = $method . $uuid . serialize_data($data);
    //No algorithm argument is given, so PHP's default (OPENSSL_ALGO_SHA1) is used
    if(!openssl_sign($plaintext, $signature, $merchant_private_key)) {
        throw new RuntimeException('Signing failed');
    }
    return base64_encode($signature);
}

function verify($method, $uuid, $data, $signature_from_trustly) {
    $trustly_public_key = openssl_get_publickey(file_get_contents(
                                'trustly_public_key.pem'
                            ));
    $plaintext = $method . $uuid . serialize_data($data);
    //openssl_verify() returns 1 if valid, 0 if invalid and -1 or false on error.
    //Compare with 1 so that an error is never treated as a valid signature.
    return openssl_verify($plaintext,
                            base64_decode($signature_from_trustly),
                            $trustly_public_key
                         ) === 1;
}


Below is an example of a JSON object and how it should be serialised:

Data structure
{
    "MyKey": "MyValue",
    "MyArray": [
        "Element1",
        "Element2",
        {
            "mykey2": "myvalue2"
        }
    ]
}


The JSON data above would result in the serialised string below:

Serialised string
MyArrayElement1Element2mykey2myvalue2MyKeyMyValue
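
The same serialise, sign and verify steps in Node.js, following the prose description above; this is an added example, not Trustly's code. It assumes RSA with SHA-1 (what PHP's openssl_sign() uses when no algorithm is passed, as in the PHP example), a throwaway key pair, and placeholder method and UUID values.

```javascript
const crypto = require('crypto');

// Serialise Data as the page describes: object keys sorted (code-unit order,
// which is ASCII order for ASCII keys), each key followed by its value; array
// elements in order, values only; null (or undefined) becomes the empty string.
function serializeData(value) {
  if (value === null || value === undefined) return '';
  if (Array.isArray(value)) return value.map(serializeData).join('');
  if (typeof value === 'object') {
    return Object.keys(value).sort()
      .map((key) => key + serializeData(value[key])).join('');
  }
  if (typeof value === 'string' || Number.isInteger(value)) return String(value);
  // Assumption: booleans and non-integer numbers are rejected, because the page
  // does not define their string form and a guess would break verification.
  throw new TypeError(`unsupported scalar in Data: ${typeof value}`);
}

// Assumption: SHA-1 digest with RSA PKCS#1 v1.5 padding, which is what PHP's
// openssl_sign() uses when called without an algorithm, as in the page's example.
const DIGEST = 'sha1';

function sign(method, uuid, data, privateKey) {
  const plaintext = Buffer.from(method + uuid + serializeData(data), 'utf8');
  return crypto.sign(DIGEST, plaintext, privateKey).toString('base64');
}

// Returns true only when the signature matches the recomputed plaintext.
function verify(method, uuid, data, signatureB64, publicKey) {
  const plaintext = Buffer.from(method + uuid + serializeData(data), 'utf8');
  const signature = Buffer.from(signatureB64, 'base64');
  return crypto.verify(DIGEST, plaintext, publicKey, signature);
}

// Constructed demo: throwaway key pair, the page's sample Data object, and
// placeholder method and UUID values (not taken from the page).
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const data = { MyKey: 'MyValue', MyArray: ['Element1', 'Element2', { mykey2: 'myvalue2' }] };
  const method = 'ExampleMethod';
  const uuid = '00000000-0000-4000-8000-000000000000';
  const signature = sign(method, uuid, data, privateKey);
  return {
    serialised: serializeData(data),
    valid: verify(method, uuid, data, signature, publicKey),
    tamperedValid: verify(method, uuid, { ...data, MyKey: 'Other' }, signature, publicKey),
  };
}
console.log(demo());
```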