Amazon Flexible Payments Service
Advanced Quick Start (API Version 2010-08-28)
AWS Documentation » Amazon Flexible Payments Service » Advanced Quick Start » Code Samples » Understanding the Amazon FPS Samples » Understanding the VerifySignature Sample
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Did this page help you?  Yes | No |  Tell us about it...

Understanding the VerifySignature Sample

This section explains how to use the Java version of the VerifySignature API. If you want to use one of the other sample libraries, they are set up nearly identically to the Java sample. To see file locations for the VerifySignature sample for your preferred language, see Locations of the VerifySignatureSample Files in Other Libraries.

To use the sample, do the following

Using the VerifySignature Sample

1

Set up your programming environment so that the program will compile without warnings or errors. For the Java sample, this includes ensuring that the files and sub folders in the [package-root]/src and [package-root]/third-party folder are in the java classpath.

2

In the [package-root]/src/config.properties file, set the values for AwsAccessKey and AwsSecretKey using your security credentials.

Important

Your Secret Access Key is a secret, which only you and Amazon should know. It is important to keep it confidential to protect your account. Store it securely. Never include it in your requests to the Amazon Flexible Payments Service (Amazon FPS), and never email it to anyone. Do not share it outside your organization, even if an inquiry appears to come from Amazon Web Services (AWS) or Amazon.com. No one who legitimately represents Amazon will ever ask you for your Secret Access Key.

To get your credentials, see Getting an AWS Account in the Amazon Simple Pay Getting Started Guide.

In the same file, if you want to target the sandbox, change the AwsServiceEndPoint property to https://fps.sandbox.amazonaws.com. Then save the file.

3

In the [package-root]/src/com/amazonaws/fps/samples/VerifySignature.java file, find the section containing the lines:

VerifySignatureRequest fpsRequest = new VerifySignatureRequest();
                     // @TODO: set request parameters here
                     // invokeVerifySignature(service, fpsRequest);

(The VerifySignatureRequest, VerifySignatureResult, and VerifySignatureResponse classes are located in [package-root]/src/com/amazonaws/fps/model folder.)

4

In the same file, remove the comment on invokeVerifySignature, and after it add the VerifySignature parameter assignments consistent with your transaction. For example:

fpsRequest.setAction("VerifySignature");
fpsRequest.setUrlEndpoint("http://myApplication/my-ipn-response.pgp");
fpsRequest.setHttpParameters(
   "Name1=Joe&
   "Name2=College&" + 
   "signatureVersion=2&" + 
   "signatureMethod=HMACSHA256&" + 
   "certificateUrl=https://fps.amazonaws.com/cert/key.pem&" +
   "signature=aoeuAOE123eAUdhf]");

Save the file. For information on the parameters to VerifySignature, see VerifySignature.

5

Compile and run the sample.

The program copies to standard out a representation of the VerifySigatureResponse XML fragment similar to the following: 

VerifySignature Action Response
 =======================================
  VerifySignatureResponse
   VerifySignatureResult
    True
   VerificationStatus
    Success
  ResponseMetadata
   RequestId
    bda6-4f5f-b37b-1a146b9a-b9e45c3012a5:0

For information on the XML document returned by VerifySignature, see VerifySignature.


In addition to simple API invocation, the samples provide you the following advanced options:

  • The ability to simulate a mock Amazon FPS service and get responses without a live connection.

  • Specifying a proxy host and port, through config.properties.

  • Setting the endpoint, through config.properties

  • Logging, through log4j.properties

Document Conventions« PreviousNext »
Terms of UseDid this page help you?  Yes | No |  Tell us about it...