Menu
I am making an app in which after a successful payment I create a digest which I verify using the suggest way of Razorpay signature verification.
My backend is in NodeJS and here is how I am creating the digest.
const crypto = require("crypto");
var generatedSignature = crypto
.createHmac(
"SHA256",
razorpay_order_id + "|" + razorpay_payment_id
)
.update(key_secret)
.digest("hex");
var isSignatureValid = generatedSignature == payload.razorpay_signature // false
Is my way of creating signature wrong?
925
You can use the following code. Hope this makes a more understandable code.
const crypto = require("crypto");
const hmac = crypto.createHmac('sha256', RAZORPAY_KEY_SECRET);
hmac.update(razorpayOrderId + "|" + razorpayPaymentId);
let generatedSignature = hmac.digest('hex');
let isSignatureValid = generatedSignature == payload.razorpay_signature;
Refer this link for more https://nodejs.org/api/crypto.html#crypto_class_hmac
99
2022 Update:
Just checked razorpay documentation:
Suggested approach:
const razorpay = require("razorpay");
const isValid = razorpay.validateWebhookSignature(reqBody, signature, mySecret);
Documentation Link: https://razorpay.com/docs/payments/payment-gateway/server-integration/nodejs/#subscribe-to-webhook-events
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With