Create transaction
Request
For below {profile_key} needs to be replaced with your public key from from the profile and {transaction_code} needs to be replaced with your transaction's code.
Live
GET https://fumopay.app/transaction/get/{profile_key}/{transaction_code}
Test
GET https://fumopay.dev/transaction/get/{profile_key}/{transaction_code}
Request Headers
X-Fumo-Sign-Date: 2006-01-02T15:04:05Z07:00
X-Fumo-Signature: Base64 signed hash
Header descriptions
| header | usage |
|---|---|
| X-Fumo-Sign-Date | The time of the request in ISO date format 2006-01-02T15:04:05Z07:00. The time can only differ by 5 minutes from the current time. |
| X-Fumo-Signature | The signed header which is detailed below |
Request signing
The signature is the concatenation of certain fields which is then given a SHA512 hash which is finally base64 encoded. In pseudo code as follows:
strToHash = profile_key + transaction_code + signed_date_header + secret_key
hash = sha512(strToHash)
signature = base64.encode(hash)
The secret key is from the profile that you are using.
See code examples below.
Response
{
"transaction": {
"merchant_profile": {
"merchant": {
"name": "Business Name"
},
"profile_key": "Profile Key",
"name": "Payment Profile"
},
"amount": 100,
"status": 11,
"description": "fumopay QR",
"ext_customer": "fumopay QR",
"ext_reference": "my reference",
"currency": "GBP",
"timestamp": "2023-01-30 11:58:25",
"bank": {
"id": 1,
"name": "Model O Bank"
},
"account_name": "Mario Carpentry",
"account_number": "GB29OBI170000170000001",
"account_scheme": "UK.OBIE.IBAN",
"merchant_account": {
"name": "Test",
"scheme": "UK.OBIE.SortCodeAccountNumber",
"number": "12345612345678",
"bank_id": 1
},
"code": "transaction_code",
"email": "email@email.com",
"age": 1
},
"error": ""
}
Field descriptions
| field | usage |
|---|---|
| merchant_profile | The used business profile |
| merchant | The used business |
| name | The business name |
| profile_key | The business profile key |
| name | The business profile name |
| amount | Transaction amount in pence |
| status | Payment Status. 11 means paid |
| description | Transaction description |
| ext_customer | Your customer reference |
| ext_reference | Your reference, for example an order number |
| currency | Payment currency |
| timestamp | Timestamp of transaction |
| bank | The bank the customer paid from |
| id | The bank id |
| name | The name of the bank |
| account_name | The customer's account name |
| account_number | The customer's account number |
| account_scheme | The customer's account scheme |
| merchant_account | The business's account |
| name | The business's account name |
| scheme | The business's account scheme |
| number | The business's account number |
| bank_id | The business's account bank id |
| code | Transaction code |
| Customer's email | |
| age | How long the transaction was allowed to be active |
| error | The error message if not successful |
Signing Code examples
JavaScript
let toHash = `${profile_key}${transaction_code}${signed_date_header}${secret_key}`
const msgUint8 = new TextEncoder().encode(toHash)
const hashBuffer = await crypto.subtle.digest("SHA-512", msgUint8)
let signature = window.btoa(String.fromCharCode(...new Uint8Array(hashBuffer)))
PHP
$strToHash = implode('',[$profile_key, $transaction_code, $signed_date_header, $secret_key]);
$hashed = hash("sha512", $strToHash, true);
$signature = base64_encode($hashed);
Golang
stringToHash := fmt.Sprintf("%s%s%s%s", profile_key, transaction_code, signed_date_header, secretKey)
hash := sha512.New()
hash.Write([]byte(stringToHash))
signature := base64.StdEncoding.EncodeToString(hash.Sum(nil))
Python
stringToHash = "".join([profile_key, transaction_code, signed_date_header, secretKey])
hash = hashlib.sha512(stringToHash.encode('utf-8'))
signature = base64.b64encode(hash.digest()).decode("utf-8")
Dart
final strtoHash = profile_key + transaction_code + signed_date_header + secretKey;
var bytes = utf8.encode(strtoHash);
var digest = sha512.convert(bytes);
var signature = base64.encode(digest.bytes);