Data integrity

The integrity of S2S exchanged data between Tinaba and the Merchant server is based on a shared secret exchanged offline.

This secret will need to be used in each call to generate a digest (via HMAC)

The digest must be sent using the "signature" field in each request.

The digest will need to be realized, starting with an agreed clear message, using the SHA256 protocol on that message. The result must then be subjected to base64 encoding, before being sent over the network.

Example: initCheckout

signature = base64(SHA256(<merchantId><externalId><amount><currency><creationDate><creationTime><secret>))

Merchant identifier agreed between TINABA and merchant

Name of domainDescription
merchantIdMerchant identifier agreed between TINABA and merchant
externalIdIdentification of the checkout your merchant server
amountAmount in cents
currencyDivided (EUR)
creationDateThe date the payment was created on the merchant's server (yyyyMMdd date format)
creationTimeThe time the payment was created on the merchant's server (time hhmmss format)
secretSecret shared offline between Tinaba and merchant

For more information, see the documentation for individual API calls:

initCheckout >

getCheckoutList >

refundCheckout >

verifyCheckout >