Creating PBN Signature
If you have PBN turned ON, our server will verify the field key send by you with the the dynamic button. This Payment Button Notification (PBN) increase security for your order from "Pay Now" / "Subscribe" buttons that you are dinamically created in your website.
Steps to increase your security for your dinamically created buttons.
(1) Turn On your PBN and get by email your PBN shared secret (Merchant Services >> PBN Settings).
(2) Calculate DATA with the mandatory fields :
data = "business_email=value1&button_type_id=value2&item_name=value3&amount=value4¤cy=value5"
You add to your data the fields shipping and tax if they are set.
data = "business_email=value1&button_type_id=value2&item_name=value3&amount=value4¤cy=value5&shipping=value6&tax=value7"
(3) Calculate your own key based on the input data using the formula:
calculated_key = MD5(sharedSecret + data)
data = data calculated at step (2)
If the "calculated_key" is not the same with our calculated_key this mean that some user change the value from your fields or your "calculated_key" is not valid.
// Getting Raw POST Data
$rawPostedData = file_get_contents("php://input");
// Extracting Field=Value Pairs
$i = strpos($rawPostedData, "&key=")
$fieldValuePairsData = substr($rawPostedData, 0, $i);
// Calculating Key (Notification Signature)
$calculatedKey = md5($fieldValuePairsData . "yourSharedSecret");
// Verifying Notification Key (Signature)
$isValid = $_POST["key"] == $calculatedKey ? true : false;