Amazon Flexible Payments Service
API Reference (API Version 2010-08-28)
AWS Documentation » Amazon Flexible Payments Service » API Reference » Amazon FPS API Actions » All Actions » VerifySignature
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Did this page help you?  Yes | No |  Tell us about it...

VerifySignature

Description

VerifySignature enables you to verify the signature included with outbound notifications. A correctly formatted call using VerifySignature returns a positive result when the signature is valid for the response that contained it.

This action is a component of signature version 2. Because of this, you may only use it with responses which have a SignatureVersion value of 2. As of 10 February, 2011, Amazon Payments signs all outbound responses with signature version 2. Unsigned outbound responses are no longer supported.

Note

You sign VerifySignature as you would any other Amazon FPS action.

This action appears in all Amazon FPS Quick Starts as well as in the Amazon Simple Pay Advanced Guide.

Request Parameters

ParameterDescription

Required

UrlEndPoint

A required field that contains the appropriate originating endpoint (either the returnUrl or ipnUrl) that received the response. For example, if your web application resides at http://my-app-website.biz/, the returnUrl might be http://my-app-website.biz/amazon/success.php, and the IPNUrl might be http://my-app-website.biz/amazon/ipnProcessor.php.

Type: String

Default: None

Constraint: Cannot be null or empty

Yes

HttpParameters

Concatenated string of all URL-Encoded parameters which were included in the response containing the signature you want to verify. This includes the certificateUrl, signatureVersion, signatureMethod and signature parameters.

For example, a correctly formatted and URL-encoded string resembles the following:

First%20Name=Joe&Last%20Name=Smith&signatureVersion=2
&signatureMethod=HMACSHA256&certificateUrl=https%253A
%252F%252Ffps.amazonaws.com%252Fcert%252Fkey.pem&signatur
e=aoeuAOE123eAUdhf]

Tip

For validating the returnUrl, you can extract the query string from the returnUrl (excluding the '?' character). For validating the IPNUrl, concatenate the POST parameters.

Type: String

Default: None

Constraint: Cannot be null or empty. In addition, because VerifySignature is a component of signature version 2, the value for signatureVersion must be 2.

Yes

You must also use the Action parameter as described in Common Request Parameters. Parameter names are case sensitive.

Response Elements

ElementDescription

VerificationStatus

The result of the verification, either Success or Failure.

Type: VerificationStatus

Responses also include elements common to all responses. For more information, see Common Response Elements.

Errors

This action can return the following errors:

Examples

Sample REST Request

This section shows a sample request.

https://fps.sandbox.amazonaws.com/?Action=VerifySignature&UrlEndPoint=h
ttp%3A%2F%2Fexample.com%3A8080%2Fipn.jsp&HttpParameters=expiry
%3D08%252F2015%26signature%3DynDukZ9%252FG77uSJVb5YM0cadwHVwYKPMKO
O3PNvgADbv6VtymgBxeOWEhED6KGHsGSvSJnMWDN%252FZl639AkRe9Ry%252F7zmn9CmiM
%252FZkp1XtshERGTqi2YL10GwQpaH17MQqOX3u1cW4LlyFoLy4celUFBPq1WM2ZJnaNZRJ
IEY%252FvpeVnCVK8VIPdY3HMxPAkNi5zeF2BbqH%252BL2vAWef6vfHkNcJPlOuOl6jP4E
%252B58F24ni%252B9ek%252FQH18O4kw%252FUJ7ZfKwjCCI13%252BcFybpofcKqddq8C
uUJj5Ii7Pdw1fje7ktzHeeNhF0r9siWcYmd4JaxTP3NmLJdHFRq2T%252FgsF3vK9m3gw%2
53D%253D%26signatureVersion%3D2%26signatureMethod%3DRSA-SHA1%26certific
ateUrl%3Dhttps%253A%252F%252Ffps.sandbox.amazonaws.com%252Fcerts%252F09
0909%252FPKICert.pem%26tokenID%3DA5BB3HUNAZFJ5CRXIPH72LIODZUNAUZIVP7UB7
4QNFQDSQ9MN4HPIKISQZWPLJXF%26status%3DSC%26callerReference%3DcallerRefe
renceMultiUse1&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Timestamp=2010-02-26
T19%3A48%3A05.000Z&Version=2008-09-17&SignatureVersion=2&SignatureMetho
d=HmacSHA256&Signature=fKRGL42K7nduDA47g6bJCyUyF5ZvkBotXE5jVcgyHvE%3D

Sample Query Request 

GET\n
fps.sandbox.amazonaws.com\n
Action=VerifySignature&UrlEndPoint=http%3A%2F%2Fexample.com
%3A8080%2Fipn.jsp&HttpParameters=expiry%3D08%252F2015%26signature%3Dy
nDukZ9%252FG77uSJVb5YM0cadwHVwYKPMKOO3PNvgADbv6VtymgBxeOWEhED6KGHsGSvSJ
nMWDN%252FZl639AkRe9Ry%252F7zmn9CmiM%252FZkp1XtshERGTqi2YL10GwQpaH17MQq
OX3u1cW4LlyFoLy4celUFBPq1WM2ZJnaNZRJIEY%252FvpeVnCVK8VIPdY3HMxPAkNi5zeF
2BbqH%252BL2vAWef6vfHkNcJPlOuOl6jP4E%252B58F24ni%252B9ek%252FQH18O4kw%2
52FUJ7ZfKwjCCI13%252BcFybpofcKqddq8CuUJj5Ii7Pdw1fje7ktzHeeNhF0r9siWcYmd
4JaxTP3NmLJdHFRq2T%252FgsF3vK9m3gw%253D%253D%26signatureVersion%3D2%26s
ignatureMethod%3DRSA-SHA1%26certificateUrl%3Dhttps%253A%252F%252Ffps.sa
ndbox.amazonaws.com%252Fcerts%252F090909%252FPKICert.pem%26tokenID%3DA5
BB3HUNAZFJ5CRXIPH72LIODZUNAUZIVP7UB74QNFQDSQ9MN4HPIKISQZWPLJXF%26status
%3DSC%26callerReference%3DcallerReferenceMultiUse1&AWSAccessKeyId=AKIAI
OSFODNN7EXAMPLE&Timestamp=2010-02-26T19%3A48%3A05.000Z&Version=2008-09-
17&SignatureVersion=2&SignatureMethod=HmacSHA256&Signature=fKRGL42K7ndu
DA47g6bJCyUyF5ZvkBotXE5jVcgyHvE%3D

Sample Response to REST Request

This section shows a sample REST response.

<VerifySignatureResponse xmlns="http://fps.amazonaws.com/doc/2008-09-17/">
  <VerifySignatureResult>
    <VerificationStatus>Success</VerificationStatus>
  </VerifySignatureResult>
  <ResponseMetadata>
    <RequestId>197e2085-1ed7-47a2-93d8-d76b452acc74:0</RequestId>
  </ResponseMetadata>
</VerifySignatureResponse>
Document Conventions« PreviousNext »
Terms of UseDid this page help you?  Yes | No |  Tell us about it...