Transparent Redirect


Fields at risk of user manipulation can be setup as Hash Required. When this requirement exists, a second field is validated for a hash value. The hash can only be generated using the clear text value and a secret "salt" value known only by your organization and Paperless Transactions. If the hash value passed does not match the hash created, the entire post will fail.

Below is a sample of the hashing algorithm in C#. Hashes can also be produced by calling the GenerateHash method available on the Back Office API.

    /// This method will generate hash value for use with
    /// Paperless Transactions' Transparent Redirect Service 
    string GenerateHash(string clearText, string saltValue)
        if (string.IsNullOrEmpty(clearText)) throw new ArgumentNullException("clearText");
        if (string.IsNullOrEmpty(saltValue)) throw new ArgumentNullException("saltValue");

        byte[] plainTextBytes = Encoding.UTF8.GetBytes(clearText + saltValue);
        byte[] hashBytes = new Sha1managed().ComputeHash(plainTextBytes);

        return Convert.ToBase64String(hashBytes);