Appendix D: MD5 Signature
A hidden text field called md5sig is included in the form submitted to your server. The value of this field is a 128-bit message digest, expressed as a string of thirty-two hexadecimal digits in UPPERCASE. The md5sig is constructed by performing an MD5 calculation on a string built up by concatenating the fields returned to your status_url page. This includes:
- merchant_id
- transaction_id
- the uppercase MD5 value of the ASCII equivalent of the secret word submitted in the Settings > Developer Settings section of your online Skrill account.
- mb_amount
- mb_currency
- status
The purpose of the md5sig field is to ensure the integrity of the data posted back to your server. You should always compare the md5sig field's value posted by Skrill's servers with the one you calculated. To calculate the md5sig, you need to take the values of the fields listed above exactly as they were posted back to you, concatenate them, and perform an MD5 calculation on this string.
Cancelled Payment
The MD5 hash posted on the ondemand_status_url when a Skrill 1-Tap payment has been cancelled is a concatenation of the following fields:
- MERCHANT_ID = merchant_id
- MERCHANT_TRN_ID = transaction_id
- The uppercase MD5 value of the ASCII equivalent of the secret word submitted in the Settings > Developer Settings section of the Merchant's online Skrill account
- REC_PMT_STATUS = status
- TRN_ID = rec_payment_id
The MD5 hash for 1-Tap payments, posted on the status_url, is calculated the same way as normal payments/refunds.
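A server-side check for both the status_url calculation and the cancelled-payment calculation described above, as an added example that is not Skrill's own code. It assumes the posted form has already been parsed into a dict of strings keyed by the lowercase field names, and that the concatenated string is hashed as UTF-8; the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Concatenation order from this appendix; SECRET marks where the uppercase
# MD5 of the secret word goes.
SECRET = object()
STATUS_FIELDS = ("merchant_id", "transaction_id", SECRET,
                 "mb_amount", "mb_currency", "status")
CANCELLED_FIELDS = ("merchant_id", "transaction_id", SECRET,
                    "status", "rec_payment_id")


def md5_upper(data: bytes) -> str:
    """MD5 as thirty-two uppercase hexadecimal digits."""
    return hashlib.md5(data).hexdigest().upper()


def expected_md5sig(posted, secret_word, fields=STATUS_FIELDS):
    """Recompute md5sig from the posted values, used exactly as received.

    Values stay raw strings: parsing mb_amount ("10.50" -> 10.5) and
    re-serialising it would change the hashed string.
    """
    secret_digest = md5_upper(secret_word.encode("ascii"))
    parts = [secret_digest if f is SECRET else posted[f] for f in fields]
    # Assumption: the concatenated string is hashed as UTF-8 bytes.
    return md5_upper("".join(parts).encode("utf-8"))


def verify_md5sig(posted, secret_word, fields=STATUS_FIELDS):
    """True only if the posted md5sig equals the recomputed value."""
    try:
        expected = expected_md5sig(posted, secret_word, fields)
    except KeyError:
        return False  # a signed field is missing: reject the callback
    received = posted.get("md5sig", "")
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(received.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample callback; none of these values come from Skrill.
    demo = {"merchant_id": "100001", "transaction_id": "ORDER-42",
            "mb_amount": "10.50", "mb_currency": "EUR", "status": "2"}
    demo["md5sig"] = expected_md5sig(demo, "examplepw")
    print(verify_md5sig(demo, "examplepw"))                       # untampered
    print(verify_md5sig(dict(demo, mb_amount="10.5"), "examplepw"))  # altered
```

Pass CANCELLED_FIELDS as the third argument when handling a post to ondemand_status_url for a cancelled 1-Tap payment.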
Secret Word
The secret word must be submitted in the Settings > Developer Settings section of your Skrill Digital Wallet account before the md5sig can be used. The following restrictions apply when submitting your secret word:
- All characters must be in lowercase
- The length should not exceed 10 characters
- Special characters are not permitted (for example @, %, $, etc.)
If the Settings > Developer Settings section is not displayed in your account, contact merchantservices@skrill.com.