Testing notifications
Using example values, here’s a quick test to ensure your signature check works correctly:
| item | Example value |
|---|---|
version |
1.0 (from the User-Agent header containing Volt/1.0) |
X-Volt-Timed |
1631525064 |
X-Volt-Signed |
ed22494369277d25cf8c2293d142e5fddb9cecbea1f54e28ac16db0bee3b8009 |
body |
{} (empty as in a test notification) |
notification secret |
9c0c8c97-c224-45ed-a195-23b54b1c67e5 |
Steps to test
Use the pipe delimiter (|) to concatenate the body, X-Volt-Timed and version in that order to create the string to hash
{}|1631525064|1.0Hash this string using SHA256 and your notification secret
$hash = hash_hmac('sha256', $string, $notification_secret);If everything is correct, you should receive an HMAC signature that is identical to your X-Volt-Signed key
ed22494369277d25cf8c2293d142e5fddb9cecbea1f54e28ac16db0bee3b8009Notifications containing real data
Note that when you receive real notifications the body element should be supplied as one continuous, unformatted, string – with no spaces or slashes to break up parameters. Don’t escape quotes, or encode accented or special characters. So in this case your body might look like this:-
{"payment":"4a96elcb-8ae0-426c-a95e-d34f18fe32ad","reference":"EXAMPLE123","amount":8888,"status":"PENDING","detailedStatus":"BANK_REDIRECT"}
therefore your check string when concatenated (using the same X-Volt-Timed and version as earlier) would look like this:-
{"payment":"4a96elcb-8ae0-426c-a95e-d34f18fe32ad","reference":"EXAMPLE123","amount":8888,"status":"PENDING","detailedStatus":"BANK_REDIRECT"}|1631525064|1.0
and your HMAC signature (using the same notification secret as earlier) would be
d98e0106b07c3d0521cc5e2ff06b62f9a3db6c476d701fde0dde7bfb0eb78428Check your working
Use our handy interactive form to test the HMAC signature calculation – post in the details you get from a Volt notification to re-calculate the signature using your notification secret.
- On this page
- Testing notifications
- Check your working