Python
If your server runs Python, you can integrate simply using the code from this repository.
This is a codebase we use internally for testing, and it does not rely on any dependency.
def do_lagom_verif(self, path, amount):
# extract params from url, decode and parse
parsed = urlparse.urlparse(self.path)
params = urlparse.parse_qs(parsed.query)
uid = params['lguid'][0] if 'lguid' in params else ''
ts = params['lgts'][0]
sig = params['lgsig'][0]
id = params['lgid'][0]
amt = params['lgamt'][0]
# check timestamp is within 10 seconds
current_time = int(time.time())
if current_time > int(ts) + 5:
return False
# check amount and path
if int(amt) != amount or path != parsed.path:
return False
# check signature - we also verify that the payment only applies to this page
verif = uid.encode('utf-8') + id.encode('utf-8') + ts.encode('utf-8') + parsed.path.encode('utf-8') + amt.encode('utf-8')
good = hmac.new(SECRET.encode('utf-8'), verif, hashlib.sha256).hexdigest()
if sig != good:
return False
return True