Authentication

To authenticate UPI(Payin) and Payout requests, we require a Client Secret and a Public Key

1. Client Secret

The Client Secret is used for security purposes. Your "Client Secret" carry many privileges, so be sure to keep them secret!

How to generate client secret:
  1. Use the below algorithm to generate client secret.
  2. You can use registration ID or Client ID provided by AO Pay.
  3. After generating the client secret please provide this to AO Pay team.

Algorithm

public static string GenerateClientSecret(string RegistrationID)
{
    string SecerateKey = GenerateSHA256Secret(RegistrationID);
    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(SecerateKey)))
    {
        byte[] hashBytes = hmac.ComputeHash(Encoding.UTF8.GetBytes(RegistrationID));
        return Convert.ToBase64String(hashBytes);
    }
}

public static string GenerateSHA256Secret(string RegistrationID)
{
    using (SHA256 sha256 = SHA256.Create())
    {
        byte[] hashBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(RegistrationID));
        return Convert.ToBase64String(hashBytes);
    }
}

string RegistrationID = "AOP-XXX"; // Can be a User ID (Provided by AO Pay)
string clientSecret = GenerateClient_Secret.GenerateClientSecret(RegistrationID);
Console.WriteLine($"🔑 Generated Client Secret: {clientSecret}");

2. Public Key

You can obtain the Public Key from your production or UAT server. The keys differ for both environments. If you encounter issues, please contact our support team.

Public Key Example

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc/U2lp0A8MEZje09f9M
Wci/NTVtDAB5lXHendSp1l+Zx/OQ5GxB+g2nxwmNFxl817PU60/oY6wKVA56gkyT
weFAAiEgMbexqgeHUbMW6vd1O3om2Hfo0OTRS5/4eVphgLUGzCFhY0ju3NfAWbLN
zXOAkpr/36Cb5Jj9YFBbutVScqPOjTOkIA0D/9uBeByARkaU4U1D3L9N3aJ9K4bT
-----END PUBLIC KEY-----

Did this page help you?     Yes    No