Using the Validate Relay Response HTML option

This option is enabled by checking "Validate Relay Response HTML" in the "Relay Response" tab of the Administration console.

If enabled, E-xact performs an extra validation of the relay response passed back by the merchant server.  In order to pass this validation, the merchant server must calculate an HMAC-MD5 digest of the response content and include the digest as part of the response header.

To calculate this HMAC-MD5 digest, the merchant server should use:

  • key - the Transaction Key from the payment page configuration
  • message - the HTML content to be returned for the relay response

To include this digest in the relay response, the merchant server should:

  • add an HTTP header field called 'Signature'
  • set the field value to be a concatenation of the x_login value of the payment page and the digest, separated by a colon

For example, using the values in the table below:

Field Value
x_login WSP-GOODS-70
Transaction Key AL81Li7D4laXYDtpfgO_lInQ
relay response HTML content <html><head></head><body>hello from merchant server</body></html>

Following are snippets of the digest calculation in a few languages:


require 'openssl'

OpenSSL::HMAC.hexdigest('md5'), 'AL81Li7D4laXYDtpfgO_lInQ', '<html><head></head><body>hello from merchant server</body></html>')


import hmac
import hashlib

h ='AL81Li7D4laXYDtpfgO_lInQ','<html><head></head><body>hello from merchant server</body></html>',hashlib.md5)


hash_hmac('md5','<html><head></head><body>hello from merchant server</body></html>', 'AL81Li7D4laXYDtpfgO_lInQ');

the resulting HMAC-MD5 digest would be


and the Signature header for the response would look like:

Signature: WSP-GOODS-70:1ba55452cc7e799324c69af2b675346b
Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk