Sign

Whenever you, as the requester, send a collection, payment or refund request to PingPong, you need to add the signature to the parameters required in the interface document. PingPong will verify the signature according to the merchant's public key uploaded to the merchant station to ensure the authenticity of the request message.

We describe the whole signing process with a request example of the Beneficiary Account query API. First, get the request parameters, assuming that we execute the card bin query:

/v3/b2b/beneficiary/get

Request Header

Request Schema

Generate original signature string. Set the parameters according to the key 1value 1key_ 2Value2,then add the app_secret at the end. The parameters are arranged in ascending order according to the initial ASCII code. All parameters with non null values need to participate in the signature, except those that are explicitly marked as not participating in the signature in the document. The following is the string arranged for the example, that is, the original signature string:

appId80217843374134biz_id123open_id967BC942C25946F49133263Dtimestamp1620987450000967BC942C25946F49133262D

Encryption processing

When encrypting, put the original signature string into the encryption method

Sample code:

    public static String string2SHA256(String str) {
        MessageDigest messageDigest;
        String encdeStr = "";
        try {
            messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] hash = messageDigest.digest(str.getBytes("UTF-8"));
            encdeStr = Hex.encodeHexString(hash);
        } catch (Exception e) {
            log.error("sign error:{}", str, e);
        }
        return encdeStr;
    }

After getting the value of sign, put it in the request header, then request the api with other original parameters