Page Notifications Off
Share page
  1. Zuora Knowledge Center
  2. Zuora User Guides
  3. Commerce
  4. Z-Payments Page User Guide
  5. Implementing Z-Payments Page on Your Website
  6. Generate the Signature for the iFrame
Was this article helpful?

Generate the Signature for the iFrame

Modified 10:15, 21 Feb 2012 by Neal Kaplan | Page History
  1. 1. Overview
  2. 2. Generate a URL
    1. 2.1. Domain
    2. 2.2. ID (Page ID)
    3. 2.3. Tenant ID
    4. 2.4. Timestamp
    5. 2.5. Token
  3. 3. Retrieve the API Security Key
  4. 4. Generate a Signature
    1. 4.1. Encode the String
  5. 5. What's Next
  6. 6. Related

Overview

This section describes the steps that need to be taken in order to dynamically generate the security signature of the hosted iFrame.

Generate a URL

To load the hosted page, you will make a request to Zuora for the iFrame using security measures. Inside the iFrame URL there are several components that will need to be set to generate the iFrame:

SRC="domain/PublicHostedPaymentMethodPage.do?method=requestPage&id=... &tenantId=...&timestamp=...&token=...&signature=...

You can see a sample of the iFrame code at the bottom of the Preview Hosted Payment Method Page.

icon_important.gifImportant: The iFrame URL from the preview page is valid for 30 minutes after it is generated. You must add logic to dynamically generate the timestamp/token when calling the hosted page.

 

ZPP_HTML_code.png

See the following sections for more information about the required parameters. 

Domain

The domain depends on which Zuora server you are using. 

For example:

https://apisandbox.zuora.com/apps

ID (Page ID)

The ID (Page ID) is a unique identifier for each hosted page you can create. The ID can be retrieved from clicking on the "Show Page Id" link on the List Page:

id picture.jpg

 

For example: id=4028e697325f8e970132603326446b33

Tenant ID

To find your tenant ID, navigate to Settings > Administration Settings > Manage Tenant Profile. This page displays information about your tenant, including your Tenant Id.

For example: 10514

Timestamp

Create a timestamp in UTC (GMT) format in milliseconds.

For example: 1316846058955

Token

The token is a random alphanumeric token of 32 characters that has not been used in the past 48 hours. Every page submission will "consume" a token.

Once a token have been consumed, it will be blacklisted for 48 hours. Therefore, whenever a Z-Payments Page needs to be reloaded (for example, after an unsuccessful submission), a new token needs to be created in order to generate a new iFrame.

For example:  7av18bEz97Jrq9K6z0QPyvJpIqIxSmZc

Retrieve the API Security Key

You must include the Hosted Pages API security key with the signature. To obtain the API Security Key, navigate to the Hosted Pages page (Settings > Z-Payments Settings > Setup Hosted Pages). Click get api security key, then copy the key from the pop-up dialog.

ZPP_api_security_key.png

You will use the API security key to generate the signature. The API security key is the only parameter used in signature generation that is not transmitted in the public URL.

Generate a Signature

To generate the signature for the URL, you must create a string that concatenates the following input values:

  • ID
  • Tenant ID
  • Timestamp
  • Token
  • API security key

Use the following format for the string:

id=<id>&tenantId=<tenantID>&timestamp=<timestamp>&token=<token><APISecurityKey>

icon_important.gifImportant: Do not add a space or other character between the token and the API security key. 

For example, using the following values:

  • id: 4028e697325f8e970132603326446b33
  • tenant: 10514
  • timestamp: 1316846058955
  • token: 7av18bEz97Jrq9K6z0QPyvJpIqIxSmZc
  • API Security Key: PEq1yiahIyFO6XxpyuCWyLoG4ym_HAklH2-FfAisLuk=

The resulting concatenated string would look like the following:

id=4028e697325f8e970132603326446b33&tenantId=10514&timestamp=1316846058955&token=7av18bEz97Jrq9K6z0QPyvJpIqIxSmZcPEq1yiahIyFO6XxpyuCWyLoG4ym_HAklH2-FfAisLuk=

Encode the String

Next, you must encode the resulting string.

  1. Encode string in UTF-8 format.
  2. Generate a hash using MD5 and convert to Base16 (Note: PHP generates MD5 as Base16 by default, so this step is necessary for language such as Java and .NET which generate MD5 Base10 by default).
    • Result after this step: 856832ff9bac443d486e608783d78e57
  3. Convert to Base64 in URL Safe Mode.  Base 64 in URL Safe Mode refers a base 64 format that is safe to be used in URL, altering the available alphabet of the base 64 which replaces + and / with - and _ (respectively).
    • The resulting output should be: ODU2ODMyZmY5YmFjNDQzZDQ4NmU2MDg3ODNkNzhlNTc=

The result from step 3 above is the signature to be used for the iFrame URL.

Refer to the demo projects sample code section for examples on how to do this encoding.

What's Next

Next, Embed and Submit the iFrame.

Was this article helpful?
Pages that link here
Page statistics
815 view(s), 24 edit(s) and 7970 character(s)

Tags

This page has no custom tags set.

Comments

You must to post a comment.

Attach file

Attachments

FileVersionSizeModifiedOptions