Documentation
  • Introduction
  • ⚑Quick Guide
  • APIs
    • πŸ‡¦πŸ‡ͺUAE Resident ID OCR
    • πŸ”‘OAuth Token
    • πŸ†”National ID OCR
      • πŸ”API Response
    • πŸ§‘β€πŸ’ΌFace Match
      • Face Match (Two Images)
      • Face Match (Image & Transaction ID)
    • ✈️Passport
    • ✈️Libyan passport
    • πŸš—Car License
    • ↔️Transliteration
      • National ID Transliteration
      • Commercial Register Translation
      • Names Transliteration
    • 🏫Know Your Business (eKYB)
      • πŸ“–Data Extraction & Verifications
        • Egyptian Commercial Register ID OCR
          • βœ…With Verification
        • Egyptian Tax Card OCR
    • πŸ“„Valify Sanction Shield
      • Sanction Shield v2.1.0
    • Sanction Shield v2.0.0
    • πŸ›‘οΈSupported lists
    • ❓Transaction Inquiry
    • πŸ“·Fetch Images
    • πŸ”’OTP
      • πŸ“²Send Phone OTP
      • βœ…Verify Phone OTP
      • πŸ“₯Send Email OTP
      • βœ…Verfiy Email OTP
    • Response Data Validation
  • Error Codes
    • Valify Error Codes
    • HTTP Codes
  • References
Powered by GitBook
On this page
  • Calculation
  • Code Snippets
  1. APIs

Response Data Validation

You can validate the response data of all service APIs and its integrity through HMAC. With every successful Service API response, a header with key "hmac" contains the HMAC digest value. You can calculate the HMAC digest of the response body, and then compare it to the digest in the header.

Calculation

Steps:

  1. Sort the fields inside the "result" object by key in ascending alphabetical order (Lexicographical order)

  2. Concatenate the ordered values into a single string (No separators)

  3. Sort the fields inside the response body in lexicographical order.

  4. Concatenate the ordered values into a single string (No separators)

  5. Calculate the HMAC digest of the using SHA512 and the bundle’s HMAC key. HMAC Key will be provided separate from the documentation.

  6. Convert the digest into Hexadecimal Lowercase format.

  7. Compare the resulting digest with the one in the response header.

Example:

Consider the following response for the Egyptian National ID OCR:

hmac_key = "secret_key"

response_data = {
  "result": {
    "back_nid": "back_nid",
    "date_of_birth": "date_of_birth",
    "expiry_date": "expiry_date",
    "gender": "gender",
    "husband_name": "husband_name",
    "marital_status": "marital_status",
    "profession": "profession",
    "release_date": "release_date",
    "religion": "religion",
    "area": "area",
    "first_name": "first_name",
    "front_nid": "front_nid",
    "full_name": "full_name",
    "serial_number": "serial_number",
    "street": "street"
  },
  "transaction_id": "transaction_id",
  "trials_remaining": 3,
}

concatenated_string = "areaback_niddate_of_birthexpiry_datefirst_namefront_nidfull_namegenderhusband_namemarital_statusprofessionrelease_datereligionserial_numberstreettransaction_id3"

calculated_digest = "d3f33383a5eae30125523bc8e6bdfbbe08cec2d87fb6f54e273e78faeec2fbc0f652d8e5f183729c3de405863018f9309f25b8000f3ca925d3efafdd4d4c0b70"

Code Snippets

import hashlib
import hmac
from collections import OrderedDict

def concatenate_dict(data_dict):
    od = OrderedDict(sorted(data_dict.items()))
    message = ''
    for _, v in od.items():
        if type(v) is dict:
            message += concatenate_dict(v)
        elif type(v) is bool:
            message += str(v).lower()
        elif v is None:
            message += 'null'
        else:
            message += str(v)

    return message

def calculate_digest(response_data, hmac_key):
    # Convert dict to string
    message = concatenate_dict(response_data)

    # Compute HMAC using SHA512
    calculated_hmac = hmac.new(
        hmac_key.encode('utf-8'),
        message.encode('utf-8'),
        hashlib.sha512
    ).hexdigest().lower()

    return calculated_hmac
    
response_data = {
    # Service API Response Data
}
hmac_key = "<hmac-key>"

print(calculate_digest(response_data, hmac_key))
PreviousVerfiy Email OTPNextError Codes

Last updated 1 year ago