2

I am using NodeJs. and following the quick checkout Integration of Skrill Payment Gateway.

I am stuck at the time of success when we need to create msid and compare it with the provided one in the return success url for the authentication of request.

As per the docs (https://www.skrill.com/fileadmin/content/pdf/Skrill_Quick_Checkout_Guide.pdf) msid can be generated as The MD5 signature, with the following values:

• merchant_id, for example: 123456
• transaction_id, for example: A205220
• upper-case MD5 value of the ASCII
equivalent of your secret word, for
example:
F76538E261E8009140AF89E001341F17

and i am using the following code for the same.

var br = new Buffer.from('secret').join(' ').trim()
let sw = md5(br).toUpperCase()
let param_data = {
merchant_id: 'merchant-email@email.com',
transaction_id: "Ahjt786uy787",
secret_word: sw
}
let msid = crypto.createHash('md5').update(param_data.merchant_id+param_data.transaction_id+sw).digest('hex');
axcl
  • 410
  • 6
  • 21
  • i have gone through many questions on stackoverflow but it seems they are for older version when skrill was using moneybookers – axcl Sep 13 '18 at 05:21

1 Answers1

1

Please note that validation of msid and md5sig must be done only on your back-end, to protect your "secret word".

  • merchant-email@email.com is not your id, this is your email associated to the merchant_id. Log in at www.skrill.com with your merchant account and you should be able to located your id at the top right corner
  • you must use the md5 hash value of the secret word, before hashing the whole string

example msid function would be: md5(merchant_id + transaction_id + md5(secret_word))

Also note that msid parameter doesn't provide the transaction's status. It only proofs that customer completed the flow through the Gateway. You must be checking the transaction status that is sent to your "status_url" - ASYNC POST message sent by Skrill

Georgi Stefanov
  • 66
  • 1