| Endpoint configuration | Your production EHI endpoint URL has been provided to Payblr. |
| Shared secret | Both sides store the same HMAC secret securely. |
| Algorithm validation | Your system verifies `x-ehi-signature-algorithm`. |
| Timestamp validation | Your system verifies timestamp freshness in milliseconds. |
| Raw body validation | Your system verifies HMAC-SHA256 over `<timestamp>.<rawBody>`. |
| Constant-time comparison | Your system uses constant-time signature comparison. |
| Failed validation | Your system rejects invalid signatures before business processing. |
| Response contract | Your system implements the response contract for authorization, reversal, financial/advice, and cut-off messages. |
| Idempotency | Your system handles retries and duplicate EHI messages safely. |
| Logging | Logs include `x-correlation-id`, `ProductID`, transaction identifiers, validation result, and decision outcome. |
| Secret handling | HMAC secret values and signatures are redacted from logs. |
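
The signature checks from the checklist above, as an added example that is not Payblr's own code. Only `x-ehi-signature-algorithm` and the `<timestamp>.<rawBody>` format come from the page; the `x-ehi-signature` and `x-ehi-timestamp` header names, the `HMAC-SHA256` label, hex encoding and the five-minute window are assumptions.

```python
import hashlib
import hmac
import time

ALGORITHM_HEADER = "x-ehi-signature-algorithm"  # named in the checklist
SIGNATURE_HEADER = "x-ehi-signature"            # assumed header name
TIMESTAMP_HEADER = "x-ehi-timestamp"            # assumed header name
EXPECTED_ALGORITHM = "HMAC-SHA256"              # assumed label value
MAX_SKEW_MS = 5 * 60 * 1000                     # assumed freshness window


def sign(secret: bytes, timestamp_ms: str, raw_body: bytes) -> str:
    """HMAC-SHA256 over <timestamp>.<rawBody>; hex encoding is assumed."""
    message = timestamp_ms.encode("ascii") + b"." + raw_body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_ehi_request(headers, raw_body, secret, now_ms=None):
    """Return (ok, reason). Pass the bytes exactly as received, before parsing."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get(ALGORITHM_HEADER) != EXPECTED_ALGORITHM:
        return False, "unsupported_algorithm"
    ts = h.get(TIMESTAMP_HEADER, "")
    if not (ts.isascii() and ts.isdigit()):
        return False, "bad_timestamp"
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if abs(now_ms - int(ts)) > MAX_SKEW_MS:
        return False, "stale_timestamp"
    expected = sign(secret, ts, raw_body)
    supplied = h.get(SIGNATURE_HEADER, "")
    # compare_digest takes time independent of where the two values differ.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad_signature"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"        # constructed sample values
    body = b'{"ProductID": 1, "amount": "10.00"}'
    ts = str(int(time.time() * 1000))
    headers = {ALGORITHM_HEADER: EXPECTED_ALGORITHM, TIMESTAMP_HEADER: ts,
               SIGNATURE_HEADER: sign(secret, ts, body)}
    # Log the reason code only, never the secret or the signature itself.
    print(verify_ehi_request(headers, body, secret))
```

Call it on the request bytes before any JSON parsing or re-serialisation, since a body that differs by even one space produces a different MAC.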