4.2. SHA-1 Overview

This page lets you generate SHA-1 signatures using a known good SHA-1 library, https://code.google.com/archive/p/crypto-js/downloads. This way you can quickly tell whether an INVALID_CONTROL_CODE error received from the ConnPay API server is due to a bad signature or to another issue.

To reproduce your API call, input all of the data from your original request. An SHA-1 signed URL should match regardless of the generating library. If the signatures differ, you know there is a bug in your SHA-1 signature code.

4.2.1. Status signature

client_orderid: input your Invoice Number
merchant_control: input your Control Key

4.2.2. Sale signature

endpointid: input your ENDPOINTID
client_orderid: input your Invoice Number
merchant_control: input your Control Key

4.2.3. Callback signature

merchant_control: input your Control Key

String to sign

4.2.4. Implementation examples

          package main;

          import java.nio.charset.StandardCharsets;
          import java.security.MessageDigest;
          import java.security.NoSuchAlgorithmException;

          public class HashTextTest {

              /**
               * @param args
               * @throws NoSuchAlgorithmException
               */
              public static void main(String[] args) throws NoSuchAlgorithmException {
                  System.out.println(sha1("test string to sha1"));
              }

              // Returns the SHA-1 digest of the UTF-8 bytes of input as lowercase hex.
              static String sha1(String input) throws NoSuchAlgorithmException {
                  MessageDigest mDigest = MessageDigest.getInstance("SHA1");
                  byte[] result = mDigest.digest(input.getBytes(StandardCharsets.UTF_8));
                  StringBuffer sb = new StringBuffer();
                  for (int i = 0; i < result.length; i++) {
                      // Append each byte as two hex digits, keeping the leading zero.
                      sb.append(Integer.toString((result[i] & 0xff) + 0x100, 16).substring(1));
                  }
                  return sb.toString();
              }
          }

<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha1.js"></script>
<script type="text/javascript">
    var sha1value = CryptoJS.SHA1("test string to sha1").toString();
</script>

          # -n stops echo from appending a newline, which would change the digest
          echo -n "test string to sha1" | openssl dgst -sha1
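
When your signature differs from the reference value for the same string to sign, the cause is usually how the bytes were prepared or how the digest was encoded. The Node.js sketch below is an added example, not ConnPay or CryptoJS code; `diagnoseSignature` and its messages are hypothetical, and the sample input is constructed from the test string used above.

```javascript
// Added example, not ConnPay code: name the likely defect when your
// signature differs from the reference SHA-1 of the same string to sign.
const crypto = require("crypto");

// Reference: SHA-1 over the given bytes (strings are hashed as UTF-8), lowercase hex.
function sha1Hex(data) {
  return crypto.createHash("sha1").update(data).digest("hex");
}

// diagnoseSignature is a hypothetical helper name. It returns "match" or a
// short description of the most likely cause of the mismatch.
function diagnoseSignature(stringToSign, yourSignature) {
  const expected = sha1Hex(Buffer.from(stringToSign, "utf8"));
  if (yourSignature === expected) return "match";

  const normalized = yourSignature.trim().toLowerCase();
  if (normalized === expected) {
    return "digest is correct but sent in uppercase or with surrounding whitespace";
  }
  // Each entry recomputes the digest with one common defect applied.
  const defects = [
    ["a trailing newline was hashed (e.g. echo without -n)", sha1Hex(stringToSign + "\n")],
    ["a trailing CRLF was hashed", sha1Hex(stringToSign + "\r\n")],
    ["UTF-16LE bytes were hashed instead of UTF-8", sha1Hex(Buffer.from(stringToSign, "utf16le"))],
    ["Latin-1 bytes were hashed instead of UTF-8", sha1Hex(Buffer.from(stringToSign, "latin1"))],
  ];
  for (const [cause, digest] of defects) {
    if (normalized === digest) return cause;
  }
  const b64 = crypto.createHash("sha1").update(stringToSign, "utf8").digest("base64");
  if (yourSignature.trim() === b64) return "digest was Base64-encoded instead of hex";
  if (/^[0-9a-f]+$/.test(normalized) && normalized.length !== 40) {
    return "not a SHA-1 digest: " + normalized.length + " hex characters instead of 40";
  }
  return "the string to sign itself differs from the one the reference tool hashed";
}

// Constructed sample: the page's test string, hashed with a stray newline.
const sample = "test string to sha1";
console.log(diagnoseSignature(sample, sha1Hex(sample + "\n")));
```
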