Payment response merchantSig - SHA 256

To verify that the values, which you have received in the result URL, are valid and have not been tampered in the process, refer to this example.

Example:

https://test.adyen.com/hpp/result.shtml?&authResult=AUTHORISED&merchantReference=SKINTEST-test&merchantReturnData=YourMerchantReturnData&merchantSig=ctYgiLlrjyG5OxoXmy8nn5n%2BYToDmw%2BR%2BqrC%2FhQxzE8%3&paymentMethod=ideal&pspReference=7914447419663319&reason=3542&shopperLocale=nl_NL&skinCode=314lwMhy

If you extract the parameters, you have:

Key

Value

authResult

AUTHORISED

merchantReference

SKINTEST-test

merchantReturnData

YourMerchantReturnData

paymentMethod

ideal

pspReference

7914447419663319

reason 3542

shopperLocale

nl_NL

skinCode

314lwMhy

Concatenate the keys and values as:

authResult:merchantReference:merchantReturnData:paymentMethod:pspReference:reason:shopperLocale:skinCode:AUTHORISED:SKINTEST-test:YourMerchantReturnData:ideal:7914447419663319:3542:nl_NL:314lwMhy

This string contains values for you to calculate merchantSig with HMAC SHA-256 key.

If some parameters are missing in the URL, they should be also omitted in the concatenated string. For example, if the merchantReturnData and reason fields are not provided, the string above should look as follows:

authResult:merchantReference:paymentMethod:pspReference:shopperLocale:skinCode:AUTHORISED:SKINTEST-test:ideal:7914447419663319:nl_NL:314lwMhy