API interface signature verification
API requests
info
All API interfaces assemble the request message as follows. All request and response parameters use string type, and "" is used for empty fields.
All request and response objects are in json format.
Request method: post
Request/response headers:
| parameter name | type | required | remarks |
|---|---|---|---|
| Content-Type | String | Yes | Content-Type, fixed value: application/json |
request body
{
"content":content_base64,
"sign":sign,
"appKey":appKey
}
| Field Name | Type | Description |
|---|---|---|
| content | String | The base64 encoded string of the request parameter JSON structure |
| sign | String | content The signature after md5 calculation by merchantSecret after splicing the content |
| appKey | String | appkey reference Get appkey |
API response
Request successful response body
{
"responseCode":"000000",
"responseMessage":"success",
"content":content_base64,
"sign":sign
}
Request failed response body
{
"responseCode":"204005",
"responseMessage":"Authentication failed"
}
Interface callback returns body
tip
Used when Paynicorn sends asynchronous notifications to merchants
{
"content":content_base64,
"sign":sign
}
| parameter name | type | description |
|---|---|---|
| responseCode | String | response code |
| responseMessage | String | Response message |
| content | String | The base64 encoded string of the response parameter JSON structure |
| sign | String | content The signature after md5 calculation by merchantSecret after splicing the content |
tip
Response judgment logic, first judge that the request response code responseCode is 000000, judge that the API call is successful, then verify whether the signature is correct, and finally parse the Base64 encoding to obtain the content service response data
Request failed response code
| Response Code | Response Message | Description |
|---|---|---|
| 000000 | success | The interface call is successful, the details of business processing are judged according to the content |
| 204404 | 404 NOT FOUND | Interface address unreachable |
| 204000 | Request is empty | The request message is empty |
| 204002 | App key is empty | Request AppKey is empty |
| 204003 | Content is invalid | The requested Content is invalid |
| 204004 | Sign is invalid | Request Sign is invalid |
| 204005 | Authentication failed | Signature verification failed |
| 204006 | The number of test requests exceeds the limit | The number of requests for the payment APP exceeds the limit in test mode, please log in to the merchant platform to reset |
| 205999 | Unknow Error | Unknown failure. If this error is returned for payment\withdrawal\refund, you need to judge the exact status of the business according to the query later |
sign
info
Request parameters use base64 encoding to generate a string content_base64
Generate a signature from the concatenated string of content_base64 and merchant secret using the md5 algorithm
sign = md5(content_base64+merchantSecret)
data preparation
- appKey: 79n7730m4916aT75h0cJ
- merchant secret: 143f824b235c4a649b60fae3d1aa5fe6
- Request interface: https://api.paynicorn.com/trade/v3/transaction/pay
- Request object bizReq:
{
"amount": "30000",
"countryCode": "ID",
"cpFrontPage": "http://www.baidu.com",
"currency": "IDR",
"email": "111@111.com",
"memo": "Memo",
"orderDescription": "I am Test!",
"payMethod": "DANA",
"phone": "02219092345",
"orderId":"TEST1609409844610"
}
encoding
- Base64 encode the request object string
content: eyJhbW91bnQiOiIzMDAwMCIsImNvdW50cnlDb2RlIjoiSUQiLCJjcEZyb250UGFnZSI6Imh0dHA6Ly93d3cuYmFpZHUuY29tIiwiY3VycmVuY3kiOiJJRFIiLCJlbWFpbCI6IjExMUAxMTEuY29tIiwibWVtbyI6Ik1lbW8iLCJvcmRlckRlc2NyaXB0aW9uIjoiSSBhbSBUZXN0ISIsInBheVR5cGUiOiJEQU5BIiwicGhvbmUiOiIwMjIxOTA5MjM0NSIsInVzZXJJZCI6IlUyMDMyMzEyMyIsIm9yZGVySWQiOiJYWlNfVEVTVDE2MDk0MDk4NDQ2MTAifQ==
- Sample code (CryptoJS)
var strBizReq = JSON.stringify(bizReq);
var wordArray = CryptoJS.enc.Utf8.parse(strBizReq);
var base64 = CryptoJS.enc.Base64.stringify(wordArray).toString();
sign
- Splicing the Base64 encoded string generated in the encoding step with merchantsecret for MD5 signature
sign: 3dc08594b8877479d8a5cb44a5b76b21
- Sample code (CryptoJS)
var merchantSecret = "143f824b235c4a649b60fae3d1aa5fe6";
var signStr = CryptoJS.MD5(base64+merchantSecret).toString();
Request object assembly
- Assemble the request object using the results generated in the above steps
{
"appKey": "79n7730m4916aT75h0cJ",
"content": "eyJhbW91bnQiOiIzMDAwMCIsImNvdW50cnlDb2RlIjoiSUQiLCJjcEZyb250UGFnZSI6Imh0dHA6Ly93d3cuYmFpZHUuY29tIiwiY3VycmVuY3kiOiJJRFIiLCJlbWFpbCI6IjExMUAxMTEuY29tIiwibWVtbyI6Ik1lbW8iLCJvcmRlckRlc2NyaXB0aW9uIjoiSSBhbSBUZXN0ISIsInBheVR5cGUiOiJEQU5BIiwicGhvbmUiOiIwMjIxOTA5MjM0NSIsInVzZXJJZCI6IlUyMDMyMzEyMyIsIm9yZGVySWQiOiJYWlNfVEVTVDE2MDk0MDk4NDQ2MTAifQ==",
"sign": "3dc08594b8877479d8a5cb44a5b76b21"
}
request interface
- return object example
{
responseCode: "000000"
responseMessage: "success"
content: "eyJjb2RlIjoiMDAwMCIsIm1lc3NhZ2UiOiJzdWNjZXNzIiwidHhuSWQiOiIzMjAxMjMxMDAwMDAwMDYwMiIsInN0YXR1cyI6Ii0xIiwid2ViVXJsIjoiaHR0cHM6Ly9oNS12My10ZXN0LnBheW5pY29ybi5jb20vIy9pbmRleD90PUowNVQ2OW0zNzlfMDAwMDAzMTIzMDIxMDAwNjI3bjcwNDFhN2hjJmNwRnJvbnRQYWdlPWh0dHAlM0ElMkYlMkZ3d3cuYmFpZHUuY29tIn0="
sign: "f64f37a0210a1ce55be63602369b12b8"
}
Verify signature
- Verify the signature of the content in the returned message
- Sample code (CryptoJS)
var respSignValid = CryptoJS.MD5(response.json().content + merchantSecret).toString();
console.log("validResult:" + (response.json().sign == respSignValid));
Parse the message
- Perform Base64 parsing on the content in the returned object.
{
"code": "0000",
"message": "success",
"txnId": "32012310000000602",
"status": "-1",
"webUrl": "https://h5-v3.paynicorn.com/#/index?t=J05T69m379_000003123021000627n7041a7hc&cpFrontPage=http%3A%2F%2Fwww.baidu.com"
}