API Signature Process

Introduction

Developers can operate by adding a signature. After the signature is generated, the developer can compare it with the information generated by the request in his own code to know whether the data is correct.

Illustrate：

The process and method of signature with PayCools are mainly introduced here.

Signature process

Get the request parameters that need to be encrypted, excluding byte type parameters, such as files and byte streams, remove the sign field, and remove the parameters whose value is empty (Both of null and empty);

Sort in ascending order according to the key value ASCII code of the first character (in ascending alphabetical order), if the same character is encountered, it will sort in ascending order according to the key value ASCII code of the second character, and so on;

Combine the sorted parameters and their corresponding values into the format of parameter=parameter value, and connect these parameters with the & character. At this time, the generated string is the string to be signed.

Signature original string example

# reqeust body
{
	"amount": 100.00,
	"appId": "f90addc4861540ef9312e87d8f360e08",
	"version":"1.0"
}

#step 2 sign origin string
amount=100.00&appId=f90addc4861540ef9312e87d8f360e08&version=1.0

Generate signature

Sign the signature string with the merchant's private key

Key length is RSA2 4096 bits

For related code examples, please refer to the following encrypted java demo

Java

API Signature Process

Introduction#

Developers can operate by adding a signature. After the signature is generated, the developer can compare it with the information generated by the request in his own code to know whether the data is correct.#

Illustrate：#

Signature process#