public function index(Request $request) { $clientId = 'ec905d7a-1e1c-40de-9c2c-7ca04c6992a1'; $clientSecret = '9cdsXtFkJ.V._scS9vQ4_bH.9sn1BOjuL-'; $signingKeyId = 'dc140fa4-d446-4fe8-b7ac-7877a3176c97'; $signingKeyString = 'SnltUGMvd0gyejg5MHc3dkZUS2RYUGFjL1c3NjFqRmVRU2tVNTNiTGxmaz0='; $requestToken = Http::withHeaders([ 'Accept' => 'application/json', 'Content-Type' => 'application/x-www-form-urlencoded', 'api-version' => '0.12', ])->asForm()->post('https://sandbox.api.payme.hsbc.com.hk/oauth2/token', [ 'client_id' => $clientId, 'client_secret' => $clientSecret ]); $accessToken = $requestToken->object()->accessToken; $traceId = '46860f3b-6ce0-4063-b7ba-3ad14b209773'; $requestDateTime = date(DATE_RFC3339); $digest = 'SHA-256=gyT+LdIhNQLw2TjPTWRCWwIExmkRAoC2RvRM6FCggD4='; //calculate the SHA-256 hash of {"totalAmount":100.0,"currencyCode":"HKD"} $apiVersion = '0.12'; $signatureString = "(request-target): post /payments/paymentrequests api-version: $apiVersion request-date-time: $requestDateTime content-type: application/json digest: $digest accept: application/json trace-id: $traceId authorization: Bearer $accessToken"; $signatureString = trim($signatureString); $signature = base64_encode(hash_hmac('sha256', $signatureString, base64_decode($signingKeyString), true)); $response = Http::withHeaders([ 'Api-Version' => $apiVersion, 'Request-Date-Time' => $requestDateTime, 'Content-Type' => 'application/json', 'Digest' => "Digest: $digest", 'Accept' => 'application/json', 'Trace-Id' => $traceId, 'Signature' => 'Signature: keyId="'.$signingKeyId.'",algorithm="hmac-sha256",headers="(request-target) Api-Version Request-Date-Time Content-Type Digest Accept Trace-Id Authorization",signature="'.$signature.'"', 'Authorization' => "Bearer $accessToken" ])->post('https://sandbox.api.payme.hsbc.com.hk/payments/paymentrequests', [ 'totalAmount' => 100.0, 'currencyCode' => 'HKD', ]); print_r($response->body());die; }