Looking for logos? Get them here
Search
Mobile menu

MD5 Calculation

Nets offers MD5-key control in order to secure that the data sent between your system and Nets system has not been tampered with, due to communication errors, hacking or interfering malware. The control works for both the request from your system to Nets and for the response from Nets back to your system. As default the MD5-key control is optional, but can be made mandatory by activating the functionality in the Nets Administration

You can find your md5 key pair in Nets Admin in the following menu:

Integration / MD5 Keys

Description

Previous
Next

Transfer to the Nets server

FlexWin utilizes MD5-key control, and before calling it an MD5-key can be calculated by the shop based on critical parameters in the request as well as a set of private keys found in the Nets Administration. When Nets receives a request with an MD5-key, a corresponding calculation is done internally, and if the calculated key matches the received key, the request is approved, and otherwise rejected.

MD5 flow

  1. The shop calculates the MD5-key
  2. The MD5-key is sent as a parameter along with the call to FlexWin
  3. Nets calculates the MD5-key with the same algorithm and compares the result to the key parsed in the call to Flexwin
  4. If the keys match, the payment is accepted (by Nets), otherwise the payment is rejected

Keep in mind that the orderid must always be unique when using MD5 keys. 

Calculation algorithm

The following algorithm should be used when calculating the MD5-key for the request to FlexWin. In the algorithm, key1 and key2 denote the shop specific secret keys found in the Nets administration, and parameters marked with *your* denotes the parameter values for the specific request.

md5key = MD5(key2 + MD5(key1 + merchant=<merchant>&orderid=<orderid>&‌currency=<currency>&amount=<amount>));

$parameter_string = '';
$parameter_string .= 'merchant=' . $yourMerchantID;
$parameter_string .= '&orderid=' . $yourOrderID;
$parameter_string .= '&currency=' . $yourCurrency;
$parameter_string .= '&amount=' . $yourAmount;

$md5key = MD5($key2 . MD5($key1 . $parameter_string) );
parameter_string = '';
parameter_string += 'merchant=' + yourMerchantID;
parameter_string += '&orderid=' + yourOrderID;
parameter_string += '&currency=' + yourCurrency;
parameter_string += '&amount=' + yourAmount;

md5key = MD5(key2 + MD5(key1 + parameter_string) );

Note: The Javascript example is meant for debugging purposes only, and the MD5 calculation should never be done on client side.

When using Split Auth the correct approach to amounts when calculating md5 and using split amounts should be:
given 3 amounts, amount1=10, amount2=100, and amount3=1000
use the following "amount part" for the string to calculate md5: amount=1110

Response from the Nets server

If a transaction/ticket authroization is successfull a response to the accepturl (and if configured, also to the callbackurl and cancelurl) will be sent with an 'authkey' parameter. Depending on the transaction type the calculation is completed in one of two ways.

Authkey flow

  1. Before responding to the shop, Nets will, depending on the transaction type, calculate the value of the 'authkey' using the algorithm below.
  2. When the shop has received the response, the same calculation of the 'authkey' should be done by the shop.
  3. If the key calculated by the shop and the key sent by Nets doesn't match, the transaction should be rejected. Furthermore, if the returned transaction ID is not unique (a response has already been received for the transaction), the response should also be rejected.

Apart from authkey verification, it should be checked that the amount and currency matches the original order made using the order ID.

Calculation algorithm

The following algorithm should be used when calculating the authkey returned from Flexwin. In the algorithm, key1 and key2 denote the shop specific secret keys found in the Nets administration, and parameters marked with *your* denotes the parameter values for the specific variable.

Please note that the when specifying the currency, it must be in the numeric format and if calcfee is used, the amount used to calculate the authkey should include the fee. See the ISO4217 standard for more information.

Normal transaction 'authkey' calculation:

$parameter_string = '';
$parameter_string .= 'transact=' . $yourTransactionID;
$parameter_string .= '&amount=' . $yourAmount;
$parameter_string .= '&currency=' . $yourCurrency;

$md5key = MD5($key2 . MD5($key1 . $parameter_string) );
parameter_string = '';
parameter_string += 'transact=' + yourTransactionID;
parameter_string += '&amount=' + yourAmount;
parameter_string += '&currency=' + yourCurrency;

md5key = MD5(key2 + MD5(key1 + parameter_string) );

Ticket transaction 'authkey' calculation:

$parameter_string = '';
$parameter_string .= 'transact=' . $yourTransactionID;
$parameter_string .= '&preauth=true';
$parameter_string .= '&currency=' . $yourCurrency;

$md5key = MD5($key2 . MD5($key1 . $parameter_string) );
parameter_string = '';
parameter_string += 'transact=' + yourTransactionID;
parameter_string += '&preauth=true';
parameter_string += '&currency=' + yourCurrency;

md5key = MD5(key2 + MD5(key1 + parameter_string) );

Note: When using the calcfee functionality, the amount value must be set to the sum of the base amount and the fee.

The Javascript examples are meant for debugging purposes only, and the MD5 calculation should never be done on client side.

 

 

Examples

Consider the following call to FlexWin.

<FORM NAME="RedirForm" ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF-8">
    <input type="hidden" name="merchant" value="90000001" />
    <input type="hidden" name="amount" value="100" />
    <input type="hidden" name="accepturl" value="https://www.yourSecurePage.com/accept.pml" />
    <input type="hidden" name="orderid" value="12345678" />
    <input type="hidden" name="currency" value="208" />
    <input type="hidden" name="md5key" value="158a668ebc50d3c2fe1a393692a883f3" />
</FORM>

The MD5-keys for the calculations are:

k1 = Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6
k2 = -UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2

The calculations of the "md5key" value is as follows. First of all the string from the parameter values is created:

parameterString = merchant=90000001&orderid=12345678&currency=208&amount=100

Next the first MD5 hash calculation is made:

innerMD5 = MD5(k1 + parameterString)
innerMD5 = MD5('Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6merchant=90000001&orderid=12345678&currency=208&amount=100')
innerMD5 = c3caca2a1b3029bde0449936e5078a04

The second MD5 hash calculation is now completed:

md5key = MD5(k2 + innerMD5)
md5key = MD5('-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2c3caca2a1b3029bde0449936e5078a04')
md5key = 158a668ebc50d3c2fe1a393692a883f3

Thus calculating the 'md5key' for a normal transaction through a hosted solution.

The following transaction call is made to FlexWin.

<FORM NAME="RedirForm" ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF-8">
    <input type="hidden" name="merchant" value="90000001" />
    <input type="hidden" name="amount" value="100" />
    <input type="hidden" name="accepturl" value="https://www.yourSecurePage.com/accept.pml" />
    <input type="hidden" name="orderid" value="12345678" />
    <input type="hidden" name="currency" value="208" />
    <input type="hidden" name="md5key" value="158a668ebc50d3c2fe1a393692a883f3" />
</FORM>

Consider the following response data.

data = approvalcode=123456&transact=760478797&authkey=9635f527c1115d32ff1148214dd8a80f

The MD5 keys for the calculations are:

k1 = Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6
k2 = -UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2

The calculations of the "authkey" value is as follows. First the string from the parameter values is created:

parameterString = transact=760478797&amount=100&currency=208

Next the first MD5 hash calculation is made:

innerMD5 = MD5(k1 + parameterString)
innerMD5 = MD5('Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6transact=760478797&amount=100&currency=208')
innerMD5 = 236289e528d625e82cfd70bf0a5b707a

The second MD5 hash calculation is now completed:

authkey = MD5(k2 + innerMD5)
authkey = MD5('-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2236289e528d625e82cfd70bf0a5b707a')
authkey = 9635f527c1115d32ff1148214dd8a80f

Thus calculating the 'authkey' for a normal transaction through a hosted solution.

The following transaction call is made to FlexWin.

<FORM NAME="RedirForm" ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF-8">
    <input type="hidden" name="merchant" value="90000001" />
    <input type="hidden" name="amount" value="100" />
    <input type="hidden" name="accepturl" value="https://www.yourSecurePage.com/accept.pml" />
    <input type="hidden" name="orderid" value="12345678" />
    <input type="hidden" name="currency" value="208" />
    <input type="hidden" name="preauth" value="1" />
    <input type="hidden" name="md5key" value="158a668ebc50d3c2fe1a393692a883f3" />
</FORM>

Consider the following response data.

data = approvalcode=123456&transact=760478797&authkey=17c3092efdda67472bd75a11f5d25a30

The MD5 keys for the calculations are:

k1 = Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6
k2 = -UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2

The calculations of the "authkey" value is as follows. First the string from the parameter values is created:

parameterString = transact=760478797&preauth=true&currency=208

Next the first MD5 hash calculation is made:

innerMD5 = MD5(k1 + parameterString)
innerMD5 = MD5('Gh0VOYNRW5?F%vCqt}BR~lPMrk4VT&o6transact=760478797&preauth=true&currency=208')
innerMD5 = ade2798bc8c6337e48b51224e9c5783c

The second MD5 hash calculation is now completed:

authkey = MD5(k2 + innerMD5)
authkey = MD5('-UbXVIo#n8~~1GO~vr;}XG_1{qu21Gc2ade2798bc8c6337e48b51224e9c5783c')
authkey = 17c3092efdda67472bd75a11f5d25a30

Thus calculating the 'authkey' for a ticket transaction through a hosted solution.

Calculation tool

Use this tool to test your md5 calculation

-- Under construction

Do you have a question or need help?
Contact us
Help and Support
Customer Support General T&C Easy T&C
Useful Links
Operational Status Customer Support Logos and Graphics
Follow us
Nets Online Payments

Oslo: +47 21 55 44 00
Stockholm: +46 (0)8-527 525 00
København: +45 7020 3077
Jyväskylä: + 358 010 80 40 40

Copyright © 2020 Nets Denmark A/S. All rights reserved.

Close menu
Get a test account
Search