Merchants must follow these specifications when calling APIs:
| Item | Specification |
|---|---|
| Transport | HTTPS |
| Method | POST |
| Format | JSON |
| Encoding | UTF-8 |
| Encryption | AES (128-bit) |
| Signature | SHA256WithRSA |
| Certificate | Required |
| Logic | HTTP status → Interface code → Transaction status |
| Field | Description |
|---|---|
| timestamp | Current system timestamp in millisecond |
| nonce | Random string (UUID recommended) |
| access-key | Merchant access key. Generated after uploading RSA public key certificate in merchant system |
| signature | Data signature. See signature algorithm for details |
| data | Description |
|---|---|
| url | complete request url |
| timestamp | Current system timestamp in millisecond |
| nonce | Unique random string (UUID recommended) |
| bodyStr | JSON string assembled from request parameters per API documentation |
| RSA Private Key | Merchant RSA private key, paired with the RSA public key uploaded to the merchant platform |