Signing API Calls
Securing API Calls with VeriSign Signature
Pockyt ensures the security of transactions by not requiring secret tokens or user passwords, thereby significantly reducing hacking or fraud risks. Authentication and authorization of API requests are managed through the verifySign parameter at every transaction step.
The verifySign parameter acts as a signature for your API parameters. Construct this parameter by obtaining the API token from Pockyt’s dashboard and using MD5 encryption to generate the MD5 authentication hash value.
Best Practices for API Token Security:
-
Secure Storage: Keep your API token in a safe location like a database or a backend configuration file. Limit access to those who require it, and avoid hard-coding the token into your source code or committing it to version control.
-
Encryption Algorithms: Utilize strong encryption algorithms such as AES or RSA to encrypt your API token before storage, safeguarding it from unauthorized access.
-
Rate Limiting: Implement rate limiting on your API to prevent brute force attacks, reducing the likelihood of token guessing.
-
Log Monitoring: Regularly check logs for unusual activities, like repeated failed API access attempts or requests with invalid tokens, and take appropriate actions when needed.
By adhering to these security practices, you can enhance the protection of your API token and the overall security of your system.
Implementing the VeriSign Feature:
To implement the VeriSign feature, follow these steps:
- Sort all the parameters alphabetically by their names.
- Concatenate the parameter names and values using '=' and '&' characters.
- Add the MD5 hash value of your API token to the end of your parameters, prefixed with '&'.
- Calculate the MD5 hash value of the concatenated string from Step 3.
Tutorial: How to Calculate the VeriSign Value
Consider these example parameters:
amount = '1.00'
storeNo = '300014'
currency = 'USD'
merchantNo = '200043'
callbackUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
terminal = 'ONLINE'
ipnUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
reference = 'seq_1525922323'
vendor = 'alipay'
goodsInfo = '[{"goods_name":"Yuansfer","quantity":"1"}]'
timeout = '120'
First, sort the parameters alphabetically:
amount = '1.00'
callbackUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
currency = 'USD'
goodsInfo = '[{"goods_name":"Yuansfer","quantity":"1"}]'
ipnUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
merchantNo = '200043'
reference = 'seq_1525922323'
storeNo = '300014'
terminal = 'ONLINE'
timeout = '120'
vendor = 'alipay'
Next, concatenate the sorted parameters using '=' and '&' characters:
amount=1.00&callbackUrl=https://wx.yuansfer.yunkeguan.com/wx¤cy=USD&goodsInfo=[{"goods_name":"Yuansfer","quantity":"1"}]&ipnUrl=https://wx.yuansfer.yunkeguan.com/wx&merchantNo=200043&reference=seq_1525922323&storeNo=300014&terminal=ONLINE&timeout=120&vendor=alipay
Calculate the MD5 value of your API token and append it to the string with the '&' prefix. For example, if the API token is 5cbfb079f15b150122261c8537086d77
, the MD5 hash value is 186abea4b8610d7ff03768255588597a
, so the resulting string is:
amount=1.00&callbackUrl=https://wx.yuansfer.yunkeguan.com/wx¤cy=USD&goodsInfo=[{"goods_name":"Yuansfer","quantity":"1"}]&ipnUrl=https://wx.yuansfer.yunkeguan.com/wx&merchantNo=200043&reference=seq_1525922323&storeNo=300014&terminal=ONLINE&timeout=120&vendor=alipay&186abea4b8610d7ff03768255588597a
Finally, calculate the MD5 hash value of the entire concatenated string. For example, the MD5 hash value might be b6bfd66531ae7c9499115c7480a2c8aa
, which you will use as the verifySign
parameter in your API request.
Your curl command would look like this:
curl -XPOST -d '{
"amount": "1.00",
"storeNo": "300014",
"currency": "USD",
"merchantNo": "200043",
"callbackUrl": "https://wx.yuansfer.yunkeguan.com/wx",
"terminal": "ONLINE",
"ipnUrl": "https://wx.yuansfer.yunkeguan.com/wx",
"reference": "seq_1525922323",
"vendor": "alipay",
"goodsInfo": "[{\"goods_name\":\"Yuansfer\",\"quantity\":\"1\"}]",
"timeout": "120",
"verifySign": "b6bfd66531ae7c9499115c7480a2c8aa"
}' 'https://mapi.yuansfer.com/app-instore/v3/add'
Updated 12 months ago