---
title: "Payment response merchantSig - SHA 256"
url: "https://docs.adyen.com/online-payments/classic-integrations/hosted-payment-pages/hpp-payment-response/payment-response-merchantsig-sha-256"
source_url: "https://docs.adyen.com/online-payments/classic-integrations/hosted-payment-pages/hpp-payment-response/payment-response-merchantsig-sha-256.md"
canonical: "https://docs.adyen.com/online-payments/classic-integrations/hosted-payment-pages/hpp-payment-response/payment-response-merchantsig-sha-256"
last_modified: "2026-05-26T13:48:54+02:00"
language: "en"
---

# Payment response merchantSig - SHA 256

[View source](/online-payments/classic-integrations/hosted-payment-pages/hpp-payment-response/payment-response-merchantsig-sha-256.md)

**Hosted Payment Pages are no longer available**

To accept payments through an Adyen-hosted page, use our [Hosted Checkout](/online-payments/build-your-integration/sessions-flow?platform=Web\&integration=Hosted%2BCheckout).

This page is for the classic Hosted Payment Pages (HPP) integration, which has reached end-of-life. We are no longer processing transactions though HPP.

To verify that the values, which you have received in the result URL, are valid and have not been tampered in the process, refer to this example.

Example:

```
https://test.adyen.com/hpp/result.shtml?&authResult=AUTHORISED&merchantReference=SKINTEST-test&merchantReturnData=YourMerchantReturnData&merchantSig=ctYgiLlrjyG5OxoXmy8nn5n%2BYToDmw%2BR%2BqrC%2FhQxzE8%3&paymentMethod=ideal&pspReference=7914447419663319&reason=3542&shopperLocale=nl_NL&skinCode=314lwMhy
```

If you extract the parameters, you have:

| **Key**              | **Value**              |
| -------------------- | ---------------------- |
| `authResult`         | AUTHORISED             |
| `merchantReference`  | SKINTEST-test          |
| `merchantReturnData` | YourMerchantReturnData |
| `paymentMethod`      | ideal                  |
| `pspReference`       | 7914447419663319       |
| `reason`             | 3542                   |
| `shopperLocale`      | nl\_NL                 |
| `skinCode`           | 314lwMhy               |

Concatenate the keys and values as:

```
authResult:merchantReference:merchantReturnData:paymentMethod:pspReference:reason:shopperLocale:skinCode:AUTHORISED:SKINTEST-test:YourMerchantReturnData:ideal:7914447419663319:3542:nl_NL:314lwMhy
```

This string contains values for you to calculate `merchantSig` with HMAC SHA-256 key.

If some parameters are missing in the URL, they should be also omitted in the concatenated string. For example, if the `merchantReturnData` and `reason` fields are not provided, the string above should look as follows:

authResult:merchantReference:paymentMethod:pspReference:shopperLocale:skinCode:AUTHORISED:SKINTEST-test:ideal:7914447419663319:nl\_NL:314lwMhy