Chapter 9. Appendix: Verifying Responses Signed Using Signature Version 1


If the SignatureVersion parameter of your Return URL or IPN response has a value of 1, and you want to validate the response, you must use the following process to verify the legitimacy of a return from Amazon Payments.

Important

The previous method for signing will expire on 01 November, 2010. At that time, any signing you do with your access keys must be done using the new method.

Because of the impending expiration of signature version 1, you should migrate to signature version 2 as soon as you can. For more information, see Appendix: Moving your Application to Signature Version 2.

Table 9.1. Verifying a return signature

  1. Decrypt the request.
  2. Read the AWS Access Key ID from the request. Check that it is a valid Access Key ID.
  3. Use the AWS Access Key ID value to look up the value of your Secret Key.
  4. Remove the signature parameter and its value from the request.
  5. Use your Secret Key and the remainder of the request to compute the signature of the request. To generate a signature, see How to Generate a Signature.
  6. Compare that signature with the signature in the original request.
  7. The signatures must match. If they do not, an error is returned.


For more information about handling responses, see Handling Return Content. This process assumes you are signing your buttons. If you choose not to sign them, you should verify by some other means that none of the parameters have been changed after the message was sent. (To prevent signing, you need to clear the Sign the buttons? option in your default configuration, as explained in Configuring Your Default Button Values.)

Access Key Rotation Considerations with Signature Version 1

If you enable access key rotation using signature version 1, the outbound notifications will be signed according to the rules in the following table. These rules are dependent on three conditions:

  • Your account has two active key pairs (referred to below as K1 and K2).

  • K1 was created before K2.

  • You use K2 to sign the incoming request (FPS API/CBUI pipeline/Simple Pay button request).

  1. The responses will be signed using K2 for all the corresponding outbound notifications generated by the request.

  2. If you deactivate K2 before all the outbound notifications are generated, the signatures for all pending notifications will be generated using K1 (the oldest active key). For example:

    1. A Pay request is signed using K2.

    2. The Payment Initiated IPN is signed using K2 and sent to the specified IPN endpoint.

    3. K2 is deactivated or deleted and a new key, K3, is created.

    4. The Payment Successful IPN is signed using K1 and sent to the specified IPN endpoint.

    1. An Amazon Simple Pay Standard Button is signed using K2.

    2. The data sent to the success return URL is signed using K2.

    3. K2 is deactivated or deleted and a new key, K3, is created.

    4. The Payment Successful IPN is signed using K1 and sent to the specified IPN endpoint.

  3. If all the keys are deactivated or deleted before the outbound notification is generated, we send the notification without any signature.
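The verification steps in Table 9.1 and the key rotation rules above, combined in one verifier. This is an added example, not Amazon's code: the parameter names `signature` and `accessKeyId`, the key IDs, secrets and sample notification are constructed, and the string-to-sign assumes the general AWS Signature Version 1 scheme (names and values concatenated after a case-insensitive sort by name, HMAC-SHA1, Base64); follow How to Generate a Signature for the exact rules.

```python
import base64
import hashlib
import hmac

# Constructed key store: every key pair still active on the account.
# K1 and K2 must both stay here during rotation, because pending
# notifications fall back to the oldest active key (K1).
SECRETS = {
    "AKIDEXAMPLEK1": b"constructed-secret-k1",
    "AKIDEXAMPLEK2": b"constructed-secret-k2",
}
SIG_PARAM = "signature"        # assumed parameter name
KEY_ID_PARAM = "accessKeyId"   # assumed parameter name


def compute_signature_v1(params, secret):
    """Assumed v1 string-to-sign: name+value, sorted case-insensitively by name."""
    items = sorted(params.items(), key=lambda kv: kv[0].lower())
    string_to_sign = "".join(name + value for name, value in items)
    digest = hmac.new(secret, string_to_sign.encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_response(params, secrets=SECRETS):
    """Steps 2-7 of Table 9.1 on already-decoded parameters; returns (ok, reason)."""
    if params.get("SignatureVersion") != "1":
        return False, "not signature version 1"
    supplied = params.get(SIG_PARAM)
    if not supplied:
        # Sent unsigned when every key was deactivated; cannot be authenticated.
        return False, "unsigned"
    secret = secrets.get(params.get(KEY_ID_PARAM, ""))
    if secret is None:
        return False, "unknown access key id"
    remainder = {k: v for k, v in params.items() if k != SIG_PARAM}
    expected = compute_signature_v1(remainder, secret)
    # Constant-time comparison avoids leaking how much of the value matched.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "signature mismatch"
    return True, "ok"


def sample_ipn(key_id):
    """Constructed notification signed with the given key, for demonstration."""
    params = {"SignatureVersion": "1", KEY_ID_PARAM: key_id,
              "status": "PS", "transactionAmount": "USD 10.00"}
    params[SIG_PARAM] = compute_signature_v1(params, SECRETS[key_id])
    return params
```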

For information about access key rotation, see Access Key Rotation.