
Ensuring interaction integrity

The integrity of exchanged information is preserved by the exchange of alphanumeric signatures between the payment platform and the merchant website.

The payment gateway and the merchant website interact via HTML forms.

A form contains a list of specific fields (see chapter Generating a payment form) used to generate a string.

This string is then reduced to a shorter string using a hash function (SHA-1 or HMAC-SHA-256).

The merchant can choose the hash algorithm in their Merchant Back Office (see chapter Choosing the hash algorithm).

The resulting string is referred to as the digest (empreinte in French) of the initial string.

The digest must be transmitted in the signature field (see chapter Computing the signature).

Modeling security mechanisms:

Figure 1. Diagram of a security mechanism
  1. The merchant website builds the form data and computes the signature.
  2. The merchant website submits the form to the gateway.
  3. The gateway receives the form data and computes the signature.
  4. The gateway compares the computed signature with the signature that was transmitted by the merchant website.
  5. If the signatures are different, the payment request is rejected.

    If not, the gateway proceeds to payment.

  6. The gateway builds the result data and computes the response signature.
  7. Depending on the shop configuration (see chapter Setting up notifications), the payment gateway transmits the payment result to the merchant website.
  8. The merchant website receives the data and computes the signature. It compares the computed signature with the signature that was transmitted by the payment gateway.
  9. If the signatures are different, the merchant analyses the source of the error (computation error, attempted fraud, etc.).

    If not, the merchant proceeds to update their database (stock status, order status, etc.).
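
The sign-then-verify checks of steps 1, 4 and 8, as an added example that is not part of the Systempay documentation. The field selection (names starting with `vads_`, sorted alphabetically), the `+` separator, the appended key, the Base64 encoding, and the sample key and form are assumptions; the exact rule is in the chapter Computing the signature.

```python
import base64
import hashlib
import hmac

# Constructed test key; a real key is obtained from the Merchant Back Office.
SHOP_KEY = "constructed-test-key-0001"


def canonical_string(fields: dict, key: str) -> str:
    """Assumption: values of the fields whose name starts with "vads_" are
    taken in alphabetical order of field name, joined with "+", and the key
    is appended last."""
    names = sorted(n for n in fields if n.startswith("vads_"))
    return "+".join([str(fields[n]) for n in names] + [key])


def compute_signature(fields: dict, key: str) -> str:
    """HMAC-SHA-256 of the canonical string, Base64-encoded (assumed encoding)."""
    mac = hmac.new(key.encode("utf-8"),
                   canonical_string(fields, key).encode("utf-8"),
                   hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def verify(fields: dict, key: str) -> bool:
    """Steps 4 and 8: recompute the signature and compare it with the one received."""
    received = fields.get("signature")
    if not isinstance(received, str) or not received:
        return False  # a missing signature is treated as a mismatch
    expected = compute_signature(fields, key)
    # Constant-time comparison: does not reveal how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def sign_form(fields: dict, key: str) -> dict:
    """Step 1: return a copy of the form data with its signature field set."""
    signed = {k: v for k, v in fields.items() if k != "signature"}
    signed["signature"] = compute_signature(signed, key)
    return signed


# Constructed sample form; TAMPERED changes the amount but keeps the old signature.
FORM = sign_form({"vads_amount": "3000", "vads_currency": "978",
                  "vads_trans_id": "000123"}, SHOP_KEY)
TAMPERED = dict(FORM, vads_amount="30")
```

`verify(FORM, SHOP_KEY)` succeeds, while `verify(TAMPERED, SHOP_KEY)` fails because the recomputed digest no longer matches the transmitted one, which is the rejection path of steps 5 and 9.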

© 2025 | All rights reserved to Systempay