Validate HTTP-notifications

Every HTTP-notification sent by Cryptonator contains a secret_hash parameter.

The secret_hash is the SHA-1 hash of ALL notification parameters packed together with your secret.

secret_hash = sha1(string&secret)

To check the integrity and authenticity of a received notification, compute the hash using the algorithm below and compare the result with the value of the secret_hash parameter in that notification.

String format

merchant_id&invoice_id&invoice_created&invoice_expires&invoice_amount&invoice_currency&invoice_status&invoice_url&order_id&checkout_address&checkout_amount&checkout_currency&date_time&secret

String example

0dd0cf6fd32308b34c6e8b9cb578251f&baf37c414289a5a07095990e536ca958&1457641674&1457642874&0.07000000&usd&unpaid&https://www.cryptonator.com/merchant/invoice/baf37c414289a5a07095990e536ca95&00001&D5atzDQ6Dipp2cp7Z4tHDLHBTAWHCH4F9D&292.14880000&dogecoin&1457641674&334cf656287417fe0c85e4

Should one of the received notification parameters have no value, simply insert & into the string in its place.

Always check the value of the secret_hash parameter. This is necessary to verify the integrity of the notification data and to make sure that the notification was indeed sent by Cryptonator.
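
A receiver-side check following the string format above, given as an added example and not Cryptonator's own code. It assumes the notification fields arrive as a dict of strings and that secret_hash is a hex-encoded digest; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Field order taken from the "String format" line on this page.
FIELDS = (
    "merchant_id", "invoice_id", "invoice_created", "invoice_expires",
    "invoice_amount", "invoice_currency", "invoice_status", "invoice_url",
    "order_id", "checkout_address", "checkout_amount", "checkout_currency",
    "date_time",
)

def build_string(params, secret):
    """Join all parameters in the documented order, then the secret, with '&'.
    A parameter with no value becomes an empty string, so its '&' remains."""
    values = []
    for name in FIELDS:
        value = params.get(name)
        values.append("" if value is None else str(value))
    return "&".join(values + [secret])

def compute_secret_hash(params, secret):
    """SHA-1 over the packed string (hex output is an assumption)."""
    return hashlib.sha1(build_string(params, secret).encode("utf-8")).hexdigest()

def verify_notification(params, secret):
    """Return True only if the received secret_hash matches the recomputed one."""
    received = params.get("secret_hash")
    if not isinstance(received, str) or not received:
        return False  # a notification without secret_hash is rejected
    expected = compute_secret_hash(params, secret)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("ascii"),
                               received.strip().lower().encode("utf-8"))

# Constructed sample data (not real merchant values); order_id is empty.
SAMPLE_SECRET = "constructed-secret"
SAMPLE = {
    "merchant_id": "m1", "invoice_id": "inv1", "invoice_created": "1457641674",
    "invoice_expires": "1457642874", "invoice_amount": "0.07000000",
    "invoice_currency": "usd", "invoice_status": "paid",
    "invoice_url": "https://example.invalid/invoice/inv1", "order_id": "",
    "checkout_address": "addr1", "checkout_amount": "292.14880000",
    "checkout_currency": "dogecoin", "date_time": "1457641674",
}
```

Reject the notification and do not update the order when verify_notification returns False.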