🧾 Version: 2.1
📅 Date de mise à jour: 28/08/2025
This document is intended to partners willing to connect to Chari Pay platform. It contains technical specifications that payment gateways must fulfill in order to accept payment transaction through Chari Pay connections to payment systems. In this document, reader will find security requirements, integration architecture, and detailed specifications for all messages involved in use cases such as purchase requests, transaction details, and server-to-server notifications.
JSON messages exchanged between the Partner and Chari Pay platform contains important data as well as sensitive data. Message integrity is validated using keyed-hash message authentication code (HMAC). The message signature is help in the field "signature" of each one. Message signature is computed using HMACSHA256 algorithm, and involves a secret cryptographic key, provided by Chari Pay, which is securely stored and identifies the Partner.
Disclaimer: HMAC key is a highly sensitive information which, beyond message integrity validation, grants access to ChariPay API. Secure storage and usage of the HMAC key is at the discretion of the Partner.
ChariPay platform validate systematically the integrity of every message received from Partners, and highly recommend Partners to do the same for every message they receive from ChariPay.
All the fields present in a message are taken into consideration to compute and validate message signature. Chari Pay generates for each message a buffer from the concatenation of fields’ values in the order they appear in each table in this document.
The payment workflow is detailed below.
Fig.1 . Payment Workflow
The diagram below represents the payment flow and system interactions through Chari Pay .
Fig.2.System Payment Flow Diagram
Below is the description of each step, as shown in the diagram above.
| Step | Description |
|---|---|
| 1 | Customer initiates the payment on the merchant's website or mobile app. |
| 2 | Merchant sends the payment request to Chari Pay |
| 3 | Chari Pay triggers the 3D Secure verification . |
| 4 | After authentication, Chari Pay forwards the request to the acquirer |
| 5 | The acquirer sends the transaction to the issuer for authorization. |
| 6 | Issuer processes the request and returns an approval or decline response to the acquirer. |
| 7 | The Acquirer displays the payment result to Chari Pay . |
| 8 | Chari Pay sends the result to the merchant |
| 9 | Merchant displays the payment result to the customer. |
Signature Calculation