PayZApp-Gateway
PayZApp-Gateway
  • Getting started
  • Authentication
  • Callback Description
  • Error Description
  • Deposit
    • Create Invoice
      POST
    • Query Invoice
      GET
    • Invoice Callback
      POST
  • Transfer
    • Unified Transfer
      • Getting Strared
      • India-INR
      • Brazil-BRL
      • Blockchain-USDT
    • Query Transfer
      GET
    • Transfer Callback
      POST
  • UPI
    • Query UTR
      GET
    • UTR Repair
      POST
  • Other
    • Get Balance
      GET

Authentication

First, log in to the merchant backend management system:
-> Left sidebar -> API Management
Retrieve the following:
Merchant Number (mno)
Access-Key
Access-Secret

๐Ÿ“Œ

Notice:
mno corresponds to the header parameter at-mno.
Access-Key corresponds to the header parameter at-access-key.
Access-Secret is used as the signature algorithm key.

When generating the signature string, the parameters must be arranged in ascending order of parameter names based on their ASCII codes (lexicographical order). These parameters are sent through the Header, and below is an explanation for each parameter.
Name
Example Value
Description
at-access-key91385FGEO9EAccess key obtained from the merchant backend.
at-mno30081Merchant number from the platform.
at-nonce66a6165079b611ec90d60242ac120003A randomly generated number or UUID to ensure unpredictability in the signature. It should only consist of alphanumeric characters. To prevent replay attacks, please avoid using simple time-based values. Generate timestamp values down to the second to ensure uniqueness for each concurrent request. It's recommended to use UUID and remove hyphens, avoiding other simple time-based value generation methods.
at-signature-methodHmacSHA256Digest signing method.
at-timestamp1631957963Current timestamp, accurate to the second.
at-signature-versionv1.0Signature algorithm version, fixed as v1.0.
at-signatureA506B41AAE62Signature value, converted to uppercase.
First, concatenate the above parameters, excluding at-signature, into a string in lexicographical order of parameter names based on their ASCII codes, resulting in the unsigned string.
Use Secret encryption and then encode the hexadecimal string to get the signature string
JAVA signature algorithm example
PHP signature algorithm example
GoLang signature algorithm example
package main

import "fmt"
import "crypto/hmac"
import "crypto/sha256"
import "encoding/hex"
import "strings"

func main() {
	//The key you obtained from the platform Access Secret key
	 var secret = "123123"
	 var signStr = "at-access-key=0c9b5879f17544b7&at-mno=M1665300705&at-nonce=hlgxol7iaug4a9302sgqt1hscdnxzrb6&at-signature-method=HmacSHA256&at-signature-version=v1.0&at-timestamp=1666161287"
	 h := hmac.New(sha256.New, []byte(secret))
	 h.Write([]byte(signStr))
	 sign := hex.EncodeToString(h.Sum(nil)) 
	 fmt.Println(strings.ToUpper(sign))
}
After obtaining the signature value, set the above parameters in the header and send it out. Java example. Please implement it by yourself in other languages.
Modified atย 2023-10-18 11:25:45
Previous
Getting started
Next
Callback Description
Built with