Razer Thailand Direct API

# Authentication

Thailand Direct API uses signature to validate the valid request from Partner. Partner can use Secret Key (Provide by Razer) to calculate the signature.

# Signature calculation

Request signature for security. It will be applied to check between partner and Razer Thailand Direct API to make sure the request is originating from Partner.

# MD5

The signature is calculated as md5 checksum of the request parameters and SECRET KEY concatenated.

Important Security Update: Transitioning from MD5 to HMAC-SHA256

We are committed to maintaining the highest standards of security and ensuring the integrity and confidentiality of your data. As part of our ongoing security enhancements, we will be upgrading our cryptographic hash for the "sig" parameter from MD5 to HMAC-SHA256.

What This Means for You:

  • Enhanced Security: HMAC-SHA256 provides stronger security features and is less susceptible to vulnerabilities, ensuring your data remains secure.
  • Action Required: If you are currently using the MD5 to generate a signature in your request payload, you will need to update your request payload to use HMAC-SHA256.
  • Timeline: The transition will take place on December 31, 2024. Please ensure your request payload are updated before this date to avoid any service disruptions.
  • Payload without singature
?for=Game+Item+10+THB&channel=psms&operator=AIS
&orderid=01a74ea1-1276-4d75-b39f-9a81a3d0da80&price=10THB&sid=9910&uid=Kiana
  • Step 1 : Sort the parameters name alphabetically

String Key:

'channel' + 'for' + 'operator' + 'orderid' + 'price' + 'sid' + 'uid' + '{SECRET_KEY}'

String Value:

'psms' + 'Game Item 10 THB' + 'AIS' + '01a74ea1-1276-4d75-b39f-9a81a3d0da80' +
'10THB' + '9910' + 'Kiana' + '{SECRET_KEY}'
  • Step 2 : Concatenation Values
psmsGame Item 10 THBAIS01a74ea1-1276-4d75-b39f-9a81a3d0da8010THB9910Kiana{SECRET_KEY}
  • Step 3 : Encode with MD5
MD5('psmsGame Item 10 THBAIS01a74ea1-1276-4d75-b39f-9a81a3d0da8010THB9910Kiana{SECRET_KEY}')
  • Result in MD5
ef8011798c9a97c439f406b0392e75ec
  • Final payload with signature
?for=Game+Item+10+THB&channel=psms&operator=AIS
&orderid=01a74ea1-1276-4d75-b39f-9a81a3d0da80&price=10THB&sid=9910&uid=Kiana&sig=ef8011798c9a97c439f406b0392e75ec

# HMAC-SHA256

The signature is calculated as hmac-sha256 checksum of the request parameters and The SECRET KEY is used as the key for the HMAC-SHA256 hashing algorithm.

  • Payload without singature
?for=Game+Item+10+THB&channel=psms&operator=AIS
&orderid=01a74ea1-1276-4d75-b39f-9a81a3d0da80&price=10THB&sid=9910&uid=Kiana&hashType=hmac-sha256
  • Step 1 : Sort the parameters name alphabetically

String Key:

'channel' + 'for' + 'hashType' + 'operator' + 'orderid' + 'price' + 'sid' + 'uid'

String Value:

'psms' + 'Game Item 10 THB' + 'hmac-sha256' + 'AIS' + '01a74ea1-1276-4d75-b39f-9a81a3d0da80' +
'10THB' + '9910' + 'Kiana'
  • Step 2 : Concatenation Values
psmsGame Item 10 THBhmac-sha256AIS01a74ea1-1276-4d75-b39f-9a81a3d0da8010THB9910Kiana
  • Step 3 : Encode with HMAC (Example in PHP)
    • Example in PHP
      hash_hmac('sha256', 'psmsGame Item 10 THBhmac-sha256AIS01a74ea1-1276-4d75-b39f-9a81a3d0da8010THB9910Kiana', '{SECRET_KEY}')
    • Example in Node.JS with crypto lib
      crypto.createHmac('SHA256', '{SECRET_KEY}').update('psmsGame Item 10 THBhmac-sha256AIS01a74ea1-1276-4d75-b39f-9a81a3d0da8010THB9910Kiana').digest('hex')
  • Result in HMAC-SHA256
4056803a76d9e5be96098989c8fc1cde5d9b008f2453ff33283e78e7ad938c62
  • Final payload with signature
?for=Game+Item+10+THB&channel=psms&operator=AIS
&orderid=01a74ea1-1276-4d75-b39f-9a81a3d0da80&price=10THB&sid=9910&uid=Kiana&hashType=hmac-sha256&sig=4056803a76d9e5be96098989c8fc1cde5d9b008f2453ff33283e78e7ad938c62

IPs