Signature check in hosted gateway refund requests This post is outdated
Trying to verify the x_signature value in refund requests does not seem to be working.
Using exactly the same process for initial sale transactions, i.e. taking all x_ fields sorted into alphabetical order (excluding x_signature itself) and calulcating a new signature value to compare against x_signature always fails.
The refund request contained these fields:
Is there any difference in the signature process for refunds? As mentioned, the exact same signature check for standard order requests works fine, but when handling refunds (with the same account_id, secret key etc) doesn't work. It's not a different implemenation of the signature check, it's a common function called from both.