Amazon pay always prompts a signature error

[iiDestiny]

I have checked the documentation many times and then followed the integration guide to coding

https://developer.amazon.com/zh/docs/amazon-pay-checkout/add-the-amazon-pay-button.html

PHP

Route::any('t', function () {
        $config = [
            'public_key_id' => 'SANDBOX-AFXFSBQVGCOQVCKVTF3BZDJA',
            'private_key'   => base_path() . '/../' . config('services.amazon_pay.private_key'),
            'region'        => 'us',
            'sandbox'       => true,
        ];

        $client  = new \Amazon\Pay\API\Client($config);
        $payload = [
            'storeId'            => 'amzn1.application-oa2-client.43f65b01ae1448c2b6f2713f20cb31b9',
            "scopes"             => ["billingAddress"],
            'webCheckoutDetails' => [
                'checkoutReviewReturnUrl' => 'http://localhost:3000',
                'checkoutResultReturnUrl' => 'http://localhost:3000',
                'checkoutCancelUrl'       => 'http://localhost:3000',
            ],
        ];

        $signature = $client->generateButtonSignature($payload);

        return response()->json([
            'signature' => $signature, 'payloadString' => $payload,
        ]);
    });

The values in my sandbox

Front-end section

import { useEffect } from 'react'
import { amazonCheckoutJs } from 'utils/helper'
import { httpProvider } from 'utils/http'

const AmazonPay = () => {
    useEffect(() => {
        ;(async () => {
            const a = await httpProvider({
                url: `/t`,
                method: 'get',
            })
            console.log(a)
            const amazon = await amazonCheckoutJs()
            console.log(JSON.stringify(a.payloadString))

            amazon.Pay.renderButton('#AmazonPayButton', {
                // set checkout environment
                merchantId: 'A1UV7YCAO4HL9I',
                publicKeyId: 'SANDBOX-AFXFSBQVGCOQVCKVTF3BZDJA',
                ledgerCurrency: 'USD',
                // customize the buyer experience
                checkoutLanguage: 'en_US',
                productType: 'PayAndShip',
                placement: 'Product',
                sandbox: true,
                buttonColor: 'Gold',
                // configure Create Checkout Session request
                createCheckoutSessionConfig: {
                    payloadJSON: JSON.stringify(a.payloadString),
                    signature: a.signature, // signature generated in step 3
                },
            })
        })()
    }, [])

    return (
        <div>
            <div id="AmazonPayButton"></div>
        </div>
    )
}

export default AmazonPay

Format in newwork

api response

{"signature":"D18MTJkq4R3vFqIGIiYvZp4YB6oh0nvoBadb\/yv60SKCdlz+rbBf\/Job6bYMizEwHiNTcnjYhMlZzb+7LmtUMrVpiOBP2NVjsBZpWMdZp6zAKkKu1fysUzk8yVW6WVPeQlP1IULPswlPjT9bgOfViGgtTC7qJk+pWjZ0kjFWLjGgVhKYeUmeu7wMUM6Y3mTuvLJAPZjqBi0hCo5sytfaNHJptDJ0F6wuvTjmA2Rso541rSxCzr4\/uNX32POORyodnEMTvvstL+uz2L3J5HrAqYFw\/h4ml0+GDfgV91wT86abTLzfnBAFKryqEvf+LwbDZHrBOJE8wzyjMP3DUpWkRA==","payloadString":{"storeId":"amzn1.application-oa2-client.43f65b01ae1448c2b6f2713f20cb31b9","scopes":["billingAddress"],"webCheckoutDetails":{"checkoutReviewReturnUrl":"http:\/\/localhost:3000","checkoutResultReturnUrl":"http:\/\/localhost:3000","checkoutCancelUrl":"http:\/\/localhost:3000"}}}

error

Clicking the pay button always gets a signature error

[iiDestiny]

@shangamesh @bjguillot thanks

[shangamesh]

Hi If you are using latest version of SDK (i.e 2.3.0) then as a part of signature button integration, "algorithm" need to be provided as additional field in "createCheckoutSessionConfig" while rendering Amazon Pay button.

Example of "createCheckoutSessionConfig" :

createCheckoutSessionConfig: {           
    payloadJSON: '{"webCheckoutDetails":{"checkoutReviewReturnUrl":"https://localhost/test/checkoutReview.html"},"storeId": "amzn1.application-oa2-client.xxxxx","scopes": ["name", "email", "phoneNumber", "billingAddress"]}',
    signature: 'SIGNATURE', // Signature Obtained by calling "generateButtonSignature(payload)" method
    algorithm: 'AMZN-PAY-RSASSA-PSS-V2' // This Parameter is mandatory
} 

[iiDestiny]

yea, just pulled the latest version today

Thank you for your reply, I'm going to try it

[iiDestiny]

Thanks, it work

[shangamesh]

Thanks for the update

[iiDestiny]

HI, I'm not sure what's going on, the code didn't change anything and suddenly it says signature mismatch again @shangamesh

[iiDestiny]

[shangamesh]

Hello, Please use the following button code if you are using latest version of SDK (i.e 2.3.2)

createCheckoutSessionConfig: {           
    payloadJSON: '{"webCheckoutDetails":{"checkoutReviewReturnUrl":"https://localhost/test/checkoutReview.html"},"storeId": "amzn1.application-oa2-client.xxxxx","scopes": ["name", "email", "phoneNumber", "billingAddress"]}',
    signature: 'SIGNATURE', // Signature Obtained by calling "generateButtonSignature(payload)" method
} 

The field algorithm: 'AMZN-PAY-RSASSA-PSS-V2' is not required. We reverted the change of having the algorithm in v 2.3.1.

Please use latest version of SDK & remove algorithm from button code. It will work

[iiDestiny]

Thanks

[iiDestiny]

@shangamesh Hi, sorry to bother you again. After upgrading to version 2.6.2 based on the previous SDK version 2.3.2, I followed the release instructions to include the algorithm in the client retrieval. However, I'm still experiencing a signature failure. I am quite puzzled.

backend

frontend

sandbox result

After the issue with version 2.3.2 last time, there were no code changes made. Only the algorithm identifier mentioned in the version release notes was added.

[iiDestiny]

[shangamesh]

@iiDestiny I took version 2.6.2 & tested the button signature. I can conform it is working fine (i.e button is not throwing InvalidSignature error) with AMZN-PAY-RSASSA-PSS-V2 algorithm

I noticed that in $payload passed to generateButtonSignature method doesn't contain storeId which is required field. Can you pass storeId in payload & verify it once ?

[iiDestiny]

Thank you, I suspect that caching was affecting the signature. Now it is working properly.