Guides

About the Sign

Suggest Edits

Introduction

❗️

The secret key used to generate a signature for API request input parameters should be securely maintained by the merchant. It must not be disclosed to others to ensure its confidentiality and integrity.

To generate a signature string:

Collect all required parameters that need to be verified into an array.
Sort the array alphabetically by parameter names (keys) in ascending ASCII order. It's important to note that only the parameter keys are sorted, not their values.
Exclude the 'sign' parameter itself from the array before generating the signature.

Example

Example request parameters

{
    "appId": "TEST000001",
    "sign": "TEST000001",
    "merchantOrderNo": "11126",
    "userId": "[email protected]",
    "orderAmount": "1000",
    "payCurrency": "USD",
    "paymentTokens": "USDT,ETH",
    "paymentExchange": "16f021b0-f220-4bbb-aa3b-82d423301957,9226e5c2-ebc3-4fdd-94f6-ed52cdce1420"
}

Prepare the string concatenation for sign, convert the format to parameter_name=parameter_value, link with '&', and finally append the key (secret). The result is as follows:

appId=TEST000001&merchantOrderNo=11126&orderAmount=1000&payCurrency=USD&paymentExchange=16f021b0-f220-4bbb-aa3b-82d423301957,9226e5c2-ebc3-4fdd-94f6-ed52cdce1420&paymentTokens=USDT,ETH&[email protected]&key=ixdFyEZzZo7m95dr7qWAjKBaEj4qSMMdeSmW0b5nCak

Continuing from the prepared string for signing, perform the SHA-512 algorithm to generate the final signature.And change it into capital letters. The signature result is as follows:

 3962E8FF2ABD24B806D744C6630B95A05855A2AB86944CCF52009D6E2582787EB0F34CFF323843DDA55B148D770390598AF335DDBECC61D702AA1A87EE93D

Java signature generation code example

    import java.util.Map;
    import com.alibaba.fastjson.JSONObject;

    public class SignTest {
        public static void main(String[] args) {
            String jsonData="{\n" +
                    "    \"appId\": \"TEST000001\",\n" +
                    "    \"sign\": \"TEST000001\",\n" +
                    "    \"merchantOrderNo\": \"11126\",\n" +
                    "    \"userId\": \"[email protected]\",\n" +
                    "    \"orderAmount\": \"1000\",\n" +
                    "    \"payCurrency\": \"USD\",\n" +
                    "    \"paymentTokens\": \"USDT,ETH\",\n" +
                    "    \"paymentExchange\": \"16f021b0-f220-4bbb-aa3b-82d423301957,9226e5c2-ebc3-4fdd-94f6-ed52cdce1420\"\n" +
                    "}\n";
            //Sign the data
            TreeMap resultMap=JSONObject.parseObject(jsonData, TreeMap.class);
            String result=SHA512Utils.SHAEncrypt(resultMap,"ixdFyEZzZo7m95dr7qWAjKEj4qSMMdeSmW0b5nCak");
            System.out.println(result);

            //Data is signed, true = verification successful
            resultMap.put("sign","3962E8FF2ABD24B806D744C6630B95A05855A2AB86944CCF52009D6E2582787EB0F34CFF323843DDA55B148D770390598AF335DDBECC61D702AA1A87EE93D1E0");
            System.out.println(SHA512Utils.verifySHA(resultMap,"ixdFyEZzZo7m95dr7qWAjKBaqSMMdeSmW0b5nCak"));
        }
    }

Updated about 1 month ago