Authentication

This section is prepared to provide you with basic information about the necessary security and authentication steps before starting the integration.

When communicating with MorPOS APIs Authentication with the SHA256 algorithm is mandatory. You can include the authentication mechanism in your integration by following the steps below.

1) Headers

MorPOS Merchant Panel > Key Management > Recognize Key by accessing the screen Obtain your and ClientSecret information.

This information must be sent in the header fields of all API calls you make.

2) Request Sign

For any API call, the sign parameter, which must be sent along with the request body, is mandatory.

The Sign value is generated as follows:

• The fields in the request body are taken

• Instead of writing them one per line they are concatenated as a string

• The API Key is appended to the end

• It is encrypted with SHA256

• Converted to Base64 format and turned to uppercase

• This generated value sign is sent with the API request in the

const requestBody = {
  conversationId: "17-character-unique-id",
  merchantId: "Your Merchant Number",
  // ...
  apiKey: "your apiKey information",
};

function calculateDynamicHash(requestBody) {
  const concatenatedString = Object.values(requestBody)
    .map((value) => `${value}`)
    .join(";");

  if (!concatenatedString || concatenatedString.trim() === "") return false;

  const sign = CryptoJS.enc.Base64.stringify(
    CryptoJS.SHA256(CryptoJS.enc.Utf8.parse(concatenatedString))
  ).toUpperCase();

  return sign;
}