# skey

<mark style="color:purple;">**skey**</mark> is a payment gateway generated returning hash string to ensure the payment result data integrity that passed to the merchant system. Merchants or developers MUST verify this hash string properly and compare the order ID, currency, amount, and the payment date/time, to protect self-interest from being cheated by a fraudster/hacker. It uses a “Secret Key” (like a private key) in combination with a data string for the hashing process.

Please note that there are other “<mark style="color:red;">**skey**</mark>” with different formulas in Merchant Request APIs’ parameters. Try not to confuse yourself with this payment response “<mark style="color:purple;">**skey**</mark>”.<br>

skey was encrypted twice using MD5 encryption hash function and consists of the following information (must be set in the following orders) :&#x20;

**First hash string**

1. Transaction ID
2. Order ID
3. Status
4. Merchant ID (domain)
5. Amount
6. Currency

**Final hash string**

1. Payment Date/Time
2. Merchant ID (domain)
3. First hash string
4. Approval Code
5. Secret Key

&#x20;

**Formula to generate&#x20;**<mark style="color:purple;">**skey**</mark>

pre\_skey = md5( txnID & orderID & status & merchantID & amount & currency)

skey = md5( paydate & merchantID & pre\_skey & appcode & secret\_key )

\
**Example to generate skey for PHP developer**

{% code overflow="wrap" %}

```php
<?php

$sec_key ="xxxxxxxxxx"; //Replace xxxxxxxxxx with your Secret_Key

/********************************
*Don't change below parameters
********************************/
$tranID 	=	$_POST['tranID'];
$orderid 	=	$_POST['orderid'];
$status 	=	$_POST['status'];
$merchant 	=	$_POST['domain'];
$amount 	=	$_POST['amount'];
$currency 	=	$_POST['currency'];
$appcode 	=	$_POST['appcode'];
$paydate 	=	$_POST['paydate'];
$skey 	              =	$_POST['skey']; //Security hashstring returned by PG

/***********************************************************
* To verify the data integrity sending by PG
************************************************************/
$key0 = md5( $tranID.$orderid.$status.$merchant.$amount.$currency );
$key1 = md5( $paydate.$merchant.$key0.$appcode.$sec_key );
//key1 : Hashstring generated on Merchant system 
// either $merchant or $domain could be one from POST
// and one that predefined internally 
// by right both values should be identical

if( $skey === $key1 ){
  // If matched, perform another extra checking before approved order

} elseif( $skey != $key1 ){
  // If unmatched, reject the order or merchant might send query to
  // PG using Merchant requery to double check payment status
  // for that particular order.
} else { 
  // error or exception case 
}

?>

```

{% endcode %}

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://e2payprod.gitbook.io/payment-gateway/api-documentation/technical-doc-of-fiuu-id/security-and-data-integrity/skey.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.