Skip to content

Signature Verification🔗

Data as a POST array🔗

The signature is calculated as follows: the data that we are going to transfer is sorted recursively by keys in ascending order.

Sorting example on PHP (sorting is needed only if the data is not transferred as JSON):

$data = $_POST;
if ( !$data['action'] ) $data['action'] = $_GET['action'];

function client_data_cmp($a, $b) {
    if (is_numeric($a) && is_numeric($b)) {
        return $a > $b;
    }
    return strcasecmp($a, $b);
}

function uksort_tree(&$array) {
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            uksort_tree( $array[$key]);
        }
    }
    uksort($array, "client_data_cmp");
}

uksort_tree($data);

Before sorting, check the presence of the action parameter. If it's not present, take it from the GET parameters! Now we merge the data in one string using http_build_query (). Add to the string server secret key with the ampersand (&) character. In a sense, the secret key is the salt for the hash that we now get from the entire resulting data string.
md5 () of the string of data is the signature that we append using the GET parameter with the hash key.

Example of generating hash in PHP:

$query = http_build_query($data);
$hash = md5($query . '&'. $secret_key);

The game server must be ready to process data sent from MRGS and respond in json format, {"status":0} if everything went well. Otherwise, the game server must respond with any negative integer in the status, which will be written to the database as error_code. Also, the game server can add a text description of the error which occurred, in the error key. For example, the game server expected us to send it a bonus, but this did not happen. For some reason, the bonus data did not come. In this case, the response should be, for example: -1. It is also necessary to mark which code corresponds to which error. In the future, all failed transfers will be processed manually.

Data in JSON format🔗

Signing requests for the data coming in in the JSON format is a little easier. The data is already sorted on the server. You only need to add the ampersand (&) character and the server secret key to the string. And generate md5() of this string.

$f = fopen('php://input','r');
if ($f) {
    $post = '';
    do {
        $d = fread($f,1024);
        $post .= $d;
    } while ($d);
    fclose($f);
}
$hash = md5($post . '&'. $secret_key);

If the checkbox "Automatically close payments and bonuses" is checked in the application settings, the server needs to respond to successful processing with {"status":0} EVEN IF SUCH PAYMENT OR BONUS HAS ALREADY COME AND PROCESSED! This is necessary so that MRGS also closed the payment or the bonus on its server and does not send it again.

Last update: 2020-04-13
Created: 2020-01-16