# Signature

Before the API integration, you need to get your APP ID and APP Secret.

## **Get APP ID and APP Secret**

CCPayment API authenticates your requests by APP ID and APP Secret. [Log in to your CCPayment account](https://admin.ccpayment.com/login), go to [**Developer page,**](https://admin.ccpayment.com/developer/config) you can find your **APP ID** and **APP** **Secret** on this page.

<figure><img src="/files/Gt7483I7U2vDqIPv15qz" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
[**APP ID and APP Secret** carries many privileges, so be sure to keep it secure. Please do not share your developer information in publicly accessible areas such as GitHub, client code, etc.](#user-content-fn-1)[^1]
{% endhint %}

## Signature **Guide**

The body of HTTP is a json string.

Add the content in body of HTTP to the signature. Ensure the body content matches the signature content. As soon as CCPayment receives the request, the body content will be read and the signature will be verified.

If you use a tool to simulate the request, please make sure that the data in the body will **not be formatted by json**. Always make sure the body is a **json string**; for example, if you use postman, you should choose text format.

### Examples

{% tabs %}
{% tab title="Java" %}

```

import java.math.BigInteger;
       import java.nio.charset.StandardCharsets;
       import java.security.MessageDigest;
       import java.security.NoSuchAlgorithmException;


       public String getSign(String appId, String appSecret, String timestamp, String data) throws NoSuchAlgorithmException {
               String originStr = String.format("%s%s%s%s", appId, appSecret, timestamp, data);
               MessageDigest digest = MessageDigest.getInstance("SHA-256");
               byte[] digestOriginData = digest.digest(originStr.getBytes(StandardCharsets.UTF_8));
               BigInteger number = new BigInteger(1, digestOriginData);
               StringBuilder hexString = new StringBuilder(number.toString(16));
               while (hexString.length() < 64) {
                   hexString.insert(0, '0');
               }
               return hexString.toString();
       }
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php
$app_id = “<your app_id>”;
$app_secret = “<your app_secret>”;
$url = “https://admin.ccpayment.com/ccpayment/v1/concise/url/get”;
$body = array(
    “product_price” => “0.01”,
    “merchant_order_id” => “007”,
    “product_name” => “test”
);
$body_str = json_encode($body);
$timestamp = strval(time());
$hash = $app_id . $app_secret . $timestamp . $body_str;
$hashed = hash(“sha256", $hash);
$headers = array(
    “Content-Type: application/json;charset=utf-8”,
    “Appid: ” . $app_id,
    “Sign: ” . $hashed,
    “Timestamp: ” . $timestamp
);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body_str);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
$response_data = json_decode($response, true);
print_r($response_data);
?>
```

{% endtab %}

{% tab title="Python" %}

```php
#Python 3.7.4 
import time
import unittest
import json
import hashlib
import urllib.request

class TestCCPaymentClass(unittest.TestCase):
    app_id = "202312345678980...38276"
    app_secret = "abc12345678...09876"

    url = "https://admin.ccpayment.com/ccpayment/v1/token/chain"

    args = {
        "token_id": "8addd19b-37df-4faf-bd74-e61e214b008a"
    }

    timestamp = int(time.time())

    args_str = json.dumps(args)
    sign_str = hashlib.sha256((app_id + app_secret + str(timestamp) + args_str).encode("utf-8")).hexdigest()

    req = urllib.request.Request(url=url, method="POST", data=args_str.encode("utf-8"), headers={
        "Content-Type": "application/json;charset=uf8",
        "Appid": app_id,
        "Sign": sign_str,
        "Timestamp": str(timestamp)
    })
    req.timeout = 60  # s
    resp = urllib.request.urlopen(req)
    data_str = resp.read().decode('utf-8')
    data = json.loads(data_str)
    print(data)

```

{% endtab %}

{% tab title="Node" %}

```naniscript
const axios = require("axios");
const crypto = require("crypto");

const APIURL = {
  checkoutURL: "https://admin.ccpayment.com/ccpayment/v1/concise/url/get",
};

const app_id = "your add_id";
const app_secret = "your app_secret";

const handleDeposit = async (data) => {
  const timestamp = Math.floor(Date.now() / 1000);
  const str = `${app_id}${app_secret}${timestamp}${JSON.stringify(data)}`;
  const sign = crypto.createHash("sha256").update(str, "utf-8").digest("hex");
  return axios.post(
    APIURL.checkoutURL,
    {
      ...data,
    },
    {
      headers: {
        // "Content-Type": "application/json;charset-uf8",
        Appid: app_id,
        Sign: sign,
        Timestamp: timestamp,
      },
    }
  );
};

handleDeposit({
  product_price: "0.6",
  product_name: "test",
  merchant_order_id: "2023",
}).then((res) => {
  console.log("res", res.data);
});
```

{% endtab %}

{% tab title="Golang" %}

```go
go
package main

import (
  "crypto/hmac"
  "crypto/md5" 
  "encoding/hex"
  "encoding/json"
  "fmt"
  "time"
)

func main() {

  appId := "your AppId"
  appSecret := "your Secret"
  
  // Signing
  hasherMD5 := hmac.New(md5.New, []byte(appSecret))

  // No request params
  uri := "/merchant/wallet/api/v1/get/coin/list"
  timestamp := time.Now().Unix() 
  signStr := fmt.Sprintf("%s%s%d", appId, uri, timestamp)
  hasherMD5.Write([]byte(signStr))
  sign := hex.EncodeToString(hasherMD5.Sum(nil))
  fmt.Printf("Sign: %s\n", sign)

  // With request params
  uri = "/merchant/wallet/api/v1/new/user/wallet"
  args := struct {
    UserId   string `json:"UserId"`
    UserName string `json:"UserName"`
  }{
    UserId:   "100001",
    UserName: "testuser",
  }
  
  argsJson, _ := json.Marshal(args)
  timestamp = time.Now().Unix()
  signStr = fmt.Sprintf("%s%s%d%s", appId, uri, timestamp, argsJson)

  hasherMD5.Write([]byte(signStr))
  sign = hex.EncodeToString(hasherMD5.Sum(nil))

  fmt.Printf("Sign: %s\n", sign)

  // Making API call
  url := "https://api.example.com" + uri
  
  // Set headers
  headers := map[string]string{
    "AppId": appId,
    "Sign": sign,
    "Timestamp": fmt.Sprintf("%d", timestamp), 
  }

  // Make POST request
  resp, _ := http.Post(url, "application/json", bytes.NewBuffer(argsJson))

  // Handle response
}
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
For the specific fields of signature, please refer to the API interface and ensure the order  of the fields.
{% endhint %}

####

[^1]:


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ccpayment.com/ccpayment-v1.0-api/to-get-started/signature.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.