Developer PortalMerchant Access Portal
Developers
HomeMerchantsDevelopers
Start typing to search…

Security & Checksum Validation

To ensure secure communication and tamper-proof transaction data, PaySubs uses an MD5 checksum mechanism in both request and response flows.

This cryptographic hashing guarantees data integrity, alerting us to any unauthorized alterations during transit.

How it Works

  1. Checksum is generated by concatenating all field values in a strict sequence using a | (pipe) delimiter.

  2. Your Encryption Key is appended at the end of this string.

  3. The entire string is passed through the MD5 hashing algorithm.

  4. The resulting hash is sent along as the CHECKSUM field.

📘

If the hash doesn’t match PayGate’s expected value, the request is rejected. Always validate incoming response hashes before processing results.

Rules

  • Use all fields, including empty optional fields (like EMAIL or PROCESS_NOW_AMOUNT) in the exact order.

  • MD5 hashes must be generated in lowercase.

  • Keep your encryption key secret and never expose it on the frontend.

PHP Example — No Optional Fields

$encryptionKey = 'secret';

$data = array(
  'VERSION'            => 21,
  'PAYGATE_ID'         => 10011072130,
  'REFERENCE'          => 'pgtest_123456789',
  'AMOUNT'             => 3299,
  'CURRENCY'           => 'ZAR',
  'RETURN_URL'         => 'https://my.return.url/page',
  'TRANSACTION_DATE'   => '2018-06-30 18:30',
  'SUBS_START_DATE'    => '2018-07-01',
  'SUBS_END_DATE'      => '2019-06-30',
  'SUBS_FREQUENCY'     => 228,
  'PROCESS_NOW'        => 'NO',
  'PROCESS_NOW_AMOUNT' => ''
);

$checksum = md5(implode('|', $data) . $encryptionKey);
// Result: c659dacf1ce76032b28ac7131fcf613c

PHP Example — With Optional Fields Populated

$encryptionKey = 'secret';

$data = array(
  'VERSION'            => 21,
  'PAYGATE_ID'         => 10011072130,
  'REFERENCE'          => 'pgtest_123456789',
  'AMOUNT'             => 3299,
  'CURRENCY'           => 'ZAR',
  'RETURN_URL'         => 'https://my.return.url/page',
  'TRANSACTION_DATE'   => '2018-06-30 18:30',
  'EMAIL'              => '[email protected]',
  'SUBS_START_DATE'    => '2018-07-01',
  'SUBS_END_DATE'      => '2019-06-30',
  'SUBS_FREQUENCY'     => 228,
  'PROCESS_NOW'        => 'YES',
  'PROCESS_NOW_AMOUNT' => 3299
);

$checksum = md5(implode('|', $data) . $encryptionKey);
// Result: c0e2feb88e21e5422449b6aba47b80eb

Fields Used in the Checksum

Ensure all fields (even optional ones) are included in this exact order:

VERSION | PAYGATE_ID | REFERENCE | AMOUNT | CURRENCY | RETURN_URL | TRANSACTION_DATE | EMAIL | SUBS_START_DATE | SUBS_END_DATE | SUBS_FREQUENCY | PROCESS_NOW | PROCESS_NOW_AMOUNT | ENCRYPTION_KEY