How to fix the Cashfree payment gateway signature miss-match error?

Question

I've tried multiple ways and also referred their docs to fix this signature mismatch error. I've attached below the JAVA code that generated the checksum. I copied this logic from their 'seamless pro' integration docs.

    Map<String, String> postData = new HashMap<String, String>();

    postData.put("appId", cashfreeAppId);
    postData.put("orderId", orderId);
    postData.put("orderAmount", orderAmount.toString());
    postData.put("orderCurrency", orderCurrency);
    postData.put("orderNote", orderNote);
    postData.put("customerName", customerName);
    postData.put("customerEmail", customerEmail);
    postData.put("customerPhone", customerPhone);
    postData.put("returnUrl", returnUrl);
    postData.put("notifyUrl", notifyUrl);
    
    String data = "";
    SortedSet<String> keys = new TreeSet<String>(postData.keySet());

    for (String key : keys) {
        data = data + key + postData.get(key);
    }

    Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
    SecretKeySpec secret_key_spec = new SecretKeySpec(cashfreeSecretkey.getBytes(), "HmacSHA256");
    sha256_HMAC.init(secret_key_spec);

    return Base64.getEncoder().encodeToString(sha256_HMAC.doFinal(data.getBytes()));

if anyone has a working sample of this checksum generation please provide the code snippet.

Answer 1

If you are using seamless pro integration make sure you are using the complete request parameters while generating the signature i.e payment mode and other details as well.

Answer 2

I faced similar problem while integrating Cashfree. You can make sure that the following points are validated:

1. You can go on the following link https://docs.cashfree.com/docs/checksum/ and try to generate the checksum for a particular set of values. Then see if the signature generated here is same as that generated by you.
2. If the signature is not matching then there's problem with your signature generation logic. You can head over to https://github.com/cashfree as many integration kits are available which includes the signature logic.
3. In case the signature is matching then check if all parameters are getting passed correctly to cashfree.

Hope this works for you.

Answer 3

First of all as per my reading the value of the response is the main parameter in generating signature during payment so we do not need to pass app id, any other than response field in that data. Thus need to generate data with only below field.

String orderId = verifySignatureRequest.getOrderId();
String orderAmount= verifySignatureRequest.getOrderAmount();
String referenceId = verifySignatureRequest.getReferenceId();
String txStatus = verifySignatureRequest.getTxStatus();
String paymentMode = verifySignatureRequest.getPaymentMode();
String txMsg = verifySignatureRequest.getTxMsg();
String txTime = verifySignatureRequest.getTxTime();

And user the secret key for encoding as per same you were using in your SDK. Refer the link : https://github.com/cashfree/java-pg-integration/blob/master/checkout/response.jsp for exact java implementation.