Testing notifications
Using example values, here’s a quick test to ensure your signature check works correctly:
item | Example value |
---|---|
version |
1.0 (from the User-Agent header containing Volt/1.0) |
X-Volt-Timed |
1631525064 |
X-Volt-Signed |
ed22494369277d25cf8c2293d142e5fddb9cecbea1f54e28ac16db0bee3b8009 |
body |
{} (empty as in a test notification) |
notification secret |
9c0c8c97-c224-45ed-a195-23b54b1c67e5 |
Steps to test
Use the pipe delimiter (|
) to concatenate the body
, X-Volt-Timed
and version
in that order to create the string to hash
{}|1631525064|1.0
Hash this string using SHA256 and your notification secret
$hash = hash_hmac('sha256', $string, $notification_secret);
If everything is correct, you should receive an HMAC signature that is identical to your X-Volt-Signed key
ed22494369277d25cf8c2293d142e5fddb9cecbea1f54e28ac16db0bee3b8009
Notifications containing real data
Note that when you receive real notifications the body
element should be supplied as one continuous, unformatted, string – with no spaces or slashes to break up parameters – so your body might look like this:-
{"payment":"4a96elcb-8ae0-426c-a95e-d34f18fe32ad","reference":"EXAMPLE123","amount":8888,"status":"PENDING","detailedStatus":"BANK_REDIRECT"}
therefore your check string when concatenated (using the same X-Volt-Timed
and version
as earlier) would look like this:-
{"payment":"4a96elcb-8ae0-426c-a95e-d34f18fe32ad","reference":"EXAMPLE123","amount":8888,"status":"PENDING","detailedStatus":"BANK_REDIRECT"}|1631525064|1.0
and your HMAC signature (using the same notification secret
as earlier) would be
9e09fdc90e8121e9d11f560c226271940b6b1f936ffc7a3f2551956c716b1019
Check your working
Use our handy interactive form to test the HMAC signature calculation – post in the details you get from a Volt notification to re-calculate the signature using your notification secret.
- On this page
- Testing notifications
- Check your working