Obtaining API Credentials
Sign Up for Sandbox API Access:
Obtain sandbox credentials by contacting support@pockyt.io or by registering at the Pockyt Developer Portal.
Receive Production Credentials:
Production credentials will be provided after completing the merchant onboarding process.
Credentials Breakdown
- merchantNo – A unique number assigned to your merchant account.
- storeNo – A number associated with a specific store under the merchant. Additional storeNo values can be created via the Pockyt Merchant Portal.
- API Token – A developer token used to generate verification signatures for API calls.
All three of these credentials are required to sign and verify API calls.
Best Practices for API Token Security
- Secure Storage – Store your API token securely in a database or backend configuration file. Do not hard-code it into source code or commit it to version control.
- Encryption – Use strong encryption algorithms like AES or RSA to protect stored tokens.
- Rate Limiting – Implement rate limiting to prevent brute force attacks.
- Log Monitoring – Regularly check logs for suspicious activity, such as repeated failed API requests.
Signing API Calls
Pockyt authenticates API requests with the verifySign parameter, a signature computed from the request parameters and your API token, so the token itself and passwords are never sent in the request.
Generating the verifySign Parameter
To generate the verifySign signature, follow these steps:
- Sort all request parameters alphabetically by their names.
- Concatenate the parameters in key=value format, joined by &.
- Append the MD5 hash of your API token, prefixed with &.
- Compute the MD5 hash of the final concatenated string.
Example:
Input Parameters:
amount = '1.00'
storeNo = '300014'
currency = 'USD'
merchantNo = '200043'
callbackUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
terminal = 'ONLINE'
ipnUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
reference = 'seq_1525922323'
vendor = 'alipay'
goodsInfo = '[{"goods_name":"Yuansfer","quantity":"1"}]'
timeout = '120'
Step 1: Sort Parameters Alphabetically
amount = '1.00'
callbackUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
currency = 'USD'
goodsInfo = '[{"goods_name":"Yuansfer","quantity":"1"}]'
ipnUrl = 'https://wx.yuansfer.yunkeguan.com/wx'
merchantNo = '200043'
reference = 'seq_1525922323'
storeNo = '300014'
terminal = 'ONLINE'
timeout = '120'
vendor = 'alipay'
Step 2: Concatenate Parameters
amount=1.00&callbackUrl=https://wx.yuansfer.yunkeguan.com/wx&currency=USD&goodsInfo=[{"goods_name":"Yuansfer","quantity":"1"}]&ipnUrl=https://wx.yuansfer.yunkeguan.com/wx&merchantNo=200043&reference=seq_1525922323&storeNo=300014&terminal=ONLINE&timeout=120&vendor=alipay
Step 3: Append API Token Hash
Assume the API token is 5cbfb079f15b150122261c8537086d77. Its MD5 hash is 45ba0f07f3b6d4acb3f3278f629dc9e6. Append it to the string:
amount=1.00&callbackUrl=https://wx.yuansfer.yunkeguan.com/wx&currency=USD&goodsInfo=[{"goods_name":"Yuansfer","quantity":"1"}]&ipnUrl=https://wx.yuansfer.yunkeguan.com/wx&merchantNo=200043&reference=seq_1525922323&storeNo=300014&terminal=ONLINE&timeout=120&vendor=alipay&45ba0f07f3b6d4acb3f3278f629dc9e6
Step 4: Compute Final MD5 Hash
The MD5 hash of the above string results in:
ff20092272b9a0ebdc76c70e7075a08c
This is your verifySign parameter.
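The four signing steps above in Python, together with the matching check for a received message, as an added example that is not Pockyt's own code. The function names are hypothetical, and two behaviours are assumptions the page does not state: verifySign is left out of the signed string, and parameter values are used exactly as given.

```python
import hashlib
import hmac

# The page's example token and parameters. In real use, load the token from
# backend configuration or a secrets store, never from source code.
SAMPLE_TOKEN = "5cbfb079f15b150122261c8537086d77"
SAMPLE_PARAMS = {
    "amount": "1.00",
    "storeNo": "300014",
    "currency": "USD",
    "merchantNo": "200043",
    "callbackUrl": "https://wx.yuansfer.yunkeguan.com/wx",
    "terminal": "ONLINE",
    "ipnUrl": "https://wx.yuansfer.yunkeguan.com/wx",
    "reference": "seq_1525922323",
    "vendor": "alipay",
    "goodsInfo": '[{"goods_name":"Yuansfer","quantity":"1"}]',
    "timeout": "120",
}


def canonical_string(params):
    """Steps 1-2: sort by parameter name, join as key=value with '&'."""
    # Assumption: verifySign itself is excluded from the signed data.
    items = sorted((k, str(v)) for k, v in params.items() if k != "verifySign")
    return "&".join(f"{k}={v}" for k, v in items)


def make_verify_sign(params, api_token):
    """Steps 3-4: append '&' + MD5(token), then MD5 the whole string."""
    token_md5 = hashlib.md5(api_token.encode("utf-8")).hexdigest()
    to_sign = f"{canonical_string(params)}&{token_md5}"
    return hashlib.md5(to_sign.encode("utf-8")).hexdigest()


def is_valid_sign(params, api_token):
    """Recompute the signature of a received message and compare."""
    received = params.get("verifySign")
    if not isinstance(received, str):
        return False  # a missing or malformed signature fails closed
    expected = make_verify_sign(params, api_token)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    sig = make_verify_sign(SAMPLE_PARAMS, SAMPLE_TOKEN)
    signed = dict(SAMPLE_PARAMS, verifySign=sig)
    print(sig, is_valid_sign(signed, SAMPLE_TOKEN))
```

Because the signature covers every parameter, changing any signed field after signing (for example amount) makes is_valid_sign return False.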
Making an API Request
Use the generated verifySign parameter in your request.
Example cURL Request:
curl -X POST 'https://mapi.yuansfer.com/app-instore/v3/add' \
-H "Content-Type: application/json" \
-d '{
"amount": "1.00",
"storeNo": "300014",
"currency": "USD",
"merchantNo": "200043",
"callbackUrl": "https://wx.yuansfer.yunkeguan.com/wx",
"terminal": "ONLINE",
"ipnUrl": "https://wx.yuansfer.yunkeguan.com/wx",
"reference": "seq_1525922323",
"vendor": "alipay",
"goodsInfo": "[{\"goods_name\":\"Yuansfer\",\"quantity\":\"1\"}]",
"timeout": "120",
"verifySign": "b6bfd66531ae7c9499115c7480a2c8aa"
}'