
How to Sign API Calls

Secure API Calls with the verifySign Signature
Transactions made via Pockyt do not involve any secret tokens or user passwords, eliminating the chances of hacking or fraud incidents. Instead, we use the verifySign parameter to authenticate and authorize the API requests at every step of the transaction process.
The verifySign parameter serves as your API parameter signature. To build it, retrieve your API token from Pockyt’s dashboard and use it with the MD5 hash function to calculate the MD5 authentication hash value.

Follow these best practices to make sure your API token is safe.

  • Store your API token in a secure location, such as a database or configuration file on the backend of the application, and restrict access to only those who need them. Do not hard-code the token into your code or include it in version control.
  • Use secure encryption algorithms: Use encryption algorithms like AES or RSA to encrypt your API token before storing it. This helps protect against unauthorized access to the token.
  • Implement rate limiting: Implement rate limiting to prevent attackers from launching brute force attacks against your API. This helps protect against attempts to guess valid tokens.
  • Monitor logs: Regularly monitor logs for any suspicious activity, such as multiple failed API access attempts or requests with invalid tokens, and take action if necessary.

By following these best practices, you can help secure your API token and ensure the security of your system.

Follow the steps below to implement the verifySign feature:

  1. Sort the parameters alphabetically according to the parameter name.
  2. Concatenate the parameter names and values using '=' and '&' characters.
  3. Append the MD5 hash value of your API token to the end of your parameters with the '&' prefix.
  4. Calculate the MD5 hash value of the Step 3 result.

Tutorial: How to Calculate the verifySign Value

Consider the following parameters:
amount = '1.00'
storeNo = '300014'
currency = 'USD'
merchantNo = '200043'
callbackUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
terminal = 'ONLINE'
ipnUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
reference = 'seq_1525922323'
vendor = 'alipay'
goodsInfo = '[{"goods_name":"Yuansfer","quantity":"1"}]'
timeout = '120'
First, sort the parameters alphabetically:
amount = '1.00'
callbackUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
currency = 'USD'
goodsInfo = '[{"goods_name":"Yuansfer","quantity":"1"}]'
ipnUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
merchantNo = '200043'
reference = 'seq_1525922323'
storeNo = '300014'
terminal = 'ONLINE'
timeout = '120'
vendor = 'alipay'
Next, concatenate the parameter names and values using '=' and '&' characters:
amount=1.00&callbackUrl=https://wx.yuansfer.yunkeguan.com/wx&currency=USD&goodsInfo=[{"goods_name":"Yuansfer","quantity":"1"}]&ipnUrl=https://wx.yuansfer.yunkeguan.com/wx&merchantNo=200043&reference=seq_1525922323&storeNo=300014&terminal=ONLINE&timeout=120&vendor=alipay
Calculate the MD5 value of your API token and append it to the string with the '&' character. For example, if the API token is 5cbfb079f15b150122261c8537086d77a, the MD5 hash value is 186abea4b8610d7ff03768255588597a, so the resulting string is:
amount=1.00&callbackUrl=https://wx.yuansfer.yunkeguan.com/wx&currency=USD&goodsInfo=[{"goods_name":"Yuansfer","quantity":"1"}]&ipnUrl=https://wx.yuansfer.yunkeguan.com/wx&merchantNo=200043&reference=seq_1525922323&storeNo=300014&terminal=ONLINE&timeout=120&vendor=alipay&186abea4b8610d7ff03768255588597a
Finally, calculate the MD5 hash value of the entire string in the block above. The MD5 hash value is b6bfd66531ae7c9499115c7480a2c8aa, and this is the value that you will pass in the verifySign parameter of your API request.
Then send the request with the verifySign value included:
curl -XPOST -H 'Content-Type: application/json' -d '{
  "amount": "1.00",
  "storeNo": "300014",
  "currency": "USD",
  "merchantNo": "200043",
  "callbackUrl": "https://wx.yuansfer.yunkeguan.com/wx",
  "terminal": "ONLINE",
  "ipnUrl": "https://wx.yuansfer.yunkeguan.com/wx",
  "reference": "seq_1525922323",
  "vendor": "alipay",
  "goodsInfo": "[{\"goods_name\":\"Yuansfer\",\"quantity\":\"1\"}]",
  "timeout": "120",
  "verifySign": "b6bfd66531ae7c9499115c7480a2c8aa"
}' 'https://mapi.yuansfer.com/app-instore/v3/add'
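
The four signing steps above, as an added Python example (not Pockyt's own code) using the tutorial's sample parameters and token. It assumes that names sort in plain code-point order and that verifySign itself is left out of the signed string; signature_matches is a hypothetical helper showing that changing any parameter invalidates the signature.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def canonical_string(params: dict) -> str:
    """Steps 1-2: sort by parameter name, join as name=value with '&'."""
    # Assumptions: verifySign is never part of the signed string, and
    # "alphabetical" means code-point order of the parameter names.
    items = sorted((k, v) for k, v in params.items() if k != "verifySign")
    return "&".join(f"{k}={v}" for k, v in items)

def verify_sign(params: dict, api_token: str) -> str:
    """Steps 3-4: append '&' + MD5(token), then MD5 the whole string."""
    return md5_hex(canonical_string(params) + "&" + md5_hex(api_token))

def signature_matches(params: dict, api_token: str) -> bool:
    """Hypothetical check: recompute the value and compare in constant time."""
    supplied = str(params.get("verifySign", "")).lower()
    expected = verify_sign(params, api_token)
    return hmac.compare_digest(expected.encode(), supplied.encode())

# Sample values from the tutorial; load a real token from protected config.
SAMPLE_TOKEN = "5cbfb079f15b150122261c8537086d77a"
SAMPLE_PARAMS = {
    "amount": "1.00",
    "storeNo": "300014",
    "currency": "USD",
    "merchantNo": "200043",
    "callbackUrl": "https://wx.yuansfer.yunkeguan.com/wx",
    "terminal": "ONLINE",
    "ipnUrl": "https://wx.yuansfer.yunkeguan.com/wx",
    "reference": "seq_1525922323",
    "vendor": "alipay",
    "goodsInfo": '[{"goods_name":"Yuansfer","quantity":"1"}]',
    "timeout": "120",
}

if __name__ == "__main__":
    sign = verify_sign(SAMPLE_PARAMS, SAMPLE_TOKEN)
    signed = dict(SAMPLE_PARAMS, verifySign=sign)
    print(canonical_string(signed))
    print(sign, signature_matches(signed, SAMPLE_TOKEN))
    signed["amount"] = "100.00"  # any edited field breaks the match
    print(signature_matches(signed, SAMPLE_TOKEN))
```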