search

razorpay / razorpay-php

Razorpay PHP Library
MIT License
180 stars 124 forks source link

Can not verify payment signature. Error: invalid signature passed #369

Open Whip opened 6 months ago

Whip commented 6 months ago

Steps to reproduce the behavior

  1. Complete a normal test payment with callback_url
  2. On the callback_url page, use the following code to verify the signature of the payment

Expected behavior

Signature should match

Actual behavior

It returns error: Invalid signature passed

Code snippets

use \Razorpay\Api\Api;

if(isset($_POST['razorpay_payment_id'])){
    $rzApi = new Api(RZ_KEY, RZ_SECRET);

    try {
        $generatedSignature = $rzApi->utility->verifyPaymentSignature([ // source of error
            'razorpay_order_id' => $_POST['razorpay_order_id'],
            'razorpay_payment_id' => $_POST['razorpay_payment_id'],
            'razorpay_signature' => RZ_SECRET // This is a constant holding my secret key
        ]);
        } catch (Exception $e) {
        echo $e->getMessage(); // Invalid signature passed
        exit;
    }
}

Php version

v8.2

Library version

v2.9.0

Additional Information

For now I'm using this code which works fine

$generatedSignature = hash_hmac('sha256', $_POST['razorpay_order_id'].'|'.$_POST['razorpay_payment_id'], RZ_SECRET);