PayZApp-Gateway
    PayZApp-Gateway
    • Getting started
    • Authentication
    • Callback Description
    • Error Description
    • Deposit
      • Create Invoice
        POST
      • Query Invoice
        GET
      • Invoice Callback
        POST
    • Transfer
      • Unified Transfer
        • Getting Strared
        • India-INR
        • Brazil-BRL
        • Blockchain-USDT
      • Query Transfer
        GET
      • Transfer Callback
        POST
    • UPI
      • Query UTR
        GET
      • UTR Repair
        POST
    • Other
      • Get Balance
        GET

    Authentication

    First, log in to the merchant backend management system:
    -> Left sidebar -> API Management
    Retrieve the following:
    Merchant Number (mno)
    Access-Key
    Access-Secret
    ๐Ÿ“Œ
    Notice:
    mno corresponds to the header parameter at-mno.
    Access-Key corresponds to the header parameter at-access-key.
    Access-Secret is used as the signature algorithm key.
    When generating the signature string, the parameters must be arranged in ascending order of parameter names based on their ASCII codes (lexicographical order). These parameters are sent through the Header, and below is an explanation for each parameter.
    Name
    Example Value
    Description
    at-access-key91385FGEO9EAccess key obtained from the merchant backend.
    at-mno30081Merchant number from the platform.
    at-nonce66a6165079b611ec90d60242ac120003A randomly generated number or UUID to ensure unpredictability in the signature. It should only consist of alphanumeric characters. To prevent replay attacks, please avoid using simple time-based values. Generate timestamp values down to the second to ensure uniqueness for each concurrent request. It's recommended to use UUID and remove hyphens, avoiding other simple time-based value generation methods.
    at-signature-methodHmacSHA256Digest signing method.
    at-timestamp1631957963Current timestamp, accurate to the second.
    at-signature-versionv1.0Signature algorithm version, fixed as v1.0.
    at-signatureA506B41AAE62Signature value, converted to uppercase.
    First, concatenate the above parameters, excluding at-signature, into a string in lexicographical order of parameter names based on their ASCII codes, resulting in the unsigned string.
    Use Secret encryption and then encode the hexadecimal string to get the signature string
    JAVA signature algorithm example
    PHP signature algorithm example
    GoLang signature algorithm example
    package main
    
    import "fmt"
    import "crypto/hmac"
    import "crypto/sha256"
    import "encoding/hex"
    import "strings"
    
    func main() {
    	//The key you obtained from the platform Access Secret key
    	 var secret = "123123"
    	 var signStr = "at-access-key=0c9b5879f17544b7&at-mno=M1665300705&at-nonce=hlgxol7iaug4a9302sgqt1hscdnxzrb6&at-signature-method=HmacSHA256&at-signature-version=v1.0&at-timestamp=1666161287"
    	 h := hmac.New(sha256.New, []byte(secret))
    	 h.Write([]byte(signStr))
    	 sign := hex.EncodeToString(h.Sum(nil)) 
    	 fmt.Println(strings.ToUpper(sign))
    }
    After obtaining the signature value, set the above parameters in the header and send it out. Java example. Please implement it by yourself in other languages.
    Modified atย 2023-10-18 11:25:45
    Previous
    Getting started
    Next
    Callback Description
    Built with