Signature

PreviousTo Get Started NextAPI Specification Common Rules

Last updated 1 year ago

Signature

Before the API integration, you need to get your APP ID and APP Secret.

Get APP ID and APP Secret

CCPayment API authenticates your requests by APP ID and APP Secret. , go to you can find your APP ID and APP Secret on this page.

Signature Guide

The body of HTTP is a json string.

Add the content in body of HTTP to the signature. Ensure the body content matches the signature content. As soon as CCPayment receives the request, the body content will be read and the signature will be verified.

If you use a tool to simulate the request, please make sure that the data in the body will not be formatted by json. Always make sure the body is a json string; for example, if you use postman, you should choose text format.

Examples


import java.math.BigInteger;
       import java.nio.charset.StandardCharsets;
       import java.security.MessageDigest;
       import java.security.NoSuchAlgorithmException;


       public String getSign(String appId, String appSecret, String timestamp, String data) throws NoSuchAlgorithmException {
               String originStr = String.format("%s%s%s%s", appId, appSecret, timestamp, data);
               MessageDigest digest = MessageDigest.getInstance("SHA-256");
               byte[] digestOriginData = digest.digest(originStr.getBytes(StandardCharsets.UTF_8));
               BigInteger number = new BigInteger(1, digestOriginData);
               StringBuilder hexString = new StringBuilder(number.toString(16));
               while (hexString.length() < 64) {
                   hexString.insert(0, '0');
               }
               return hexString.toString();
       }

<?php
$app_id = “<your app_id>”;
$app_secret = “<your app_secret>”;
$url = “https://admin.ccpayment.com/ccpayment/v1/concise/url/get”;
$body = array(
    “product_price” => “0.01”,
    “merchant_order_id” => “007”,
    “product_name” => “test”
);
$body_str = json_encode($body);
$timestamp = strval(time());
$hash = $app_id . $app_secret . $timestamp . $body_str;
$hashed = hash(“sha256", $hash);
$headers = array(
    “Content-Type: application/json;charset=utf-8”,
    “Appid: ” . $app_id,
    “Sign: ” . $hashed,
    “Timestamp: ” . $timestamp
);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body_str);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
$response_data = json_decode($response, true);
print_r($response_data);
?>

#Python 3.7.4 
import time
import unittest
import json
import hashlib
import urllib.request

class TestCCPaymentClass(unittest.TestCase):
    app_id = "202312345678980...38276"
    app_secret = "abc12345678...09876"

    url = "https://admin.ccpayment.com/ccpayment/v1/token/chain"

    args = {
        "token_id": "8addd19b-37df-4faf-bd74-e61e214b008a"
    }

    timestamp = int(time.time())

    args_str = json.dumps(args)
    sign_str = hashlib.sha256((app_id + app_secret + str(timestamp) + args_str).encode("utf-8")).hexdigest()

    req = urllib.request.Request(url=url, method="POST", data=args_str.encode("utf-8"), headers={
        "Content-Type": "application/json;charset=uf8",
        "Appid": app_id,
        "Sign": sign_str,
        "Timestamp": str(timestamp)
    })
    req.timeout = 60  # s
    resp = urllib.request.urlopen(req)
    data_str = resp.read().decode('utf-8')
    data = json.loads(data_str)
    print(data)

const axios = require("axios");
const crypto = require("crypto");

const APIURL = {
  checkoutURL: "https://admin.ccpayment.com/ccpayment/v1/concise/url/get",
};

const app_id = "your add_id";
const app_secret = "your app_secret";

const handleDeposit = async (data) => {
  const timestamp = Math.floor(Date.now() / 1000);
  const str = `${app_id}${app_secret}${timestamp}${JSON.stringify(data)}`;
  const sign = crypto.createHash("sha256").update(str, "utf-8").digest("hex");
  return axios.post(
    APIURL.checkoutURL,
    {
      ...data,
    },
    {
      headers: {
        // "Content-Type": "application/json;charset-uf8",
        Appid: app_id,
        Sign: sign,
        Timestamp: timestamp,
      },
    }
  );
};

handleDeposit({
  product_price: "0.6",
  product_name: "test",
  merchant_order_id: "2023",
}).then((res) => {
  console.log("res", res.data);
});

go
package main

import (
  "crypto/hmac"
  "crypto/md5" 
  "encoding/hex"
  "encoding/json"
  "fmt"
  "time"
)

func main() {

  appId := "your AppId"
  appSecret := "your Secret"
  
  // Signing
  hasherMD5 := hmac.New(md5.New, []byte(appSecret))

  // No request params
  uri := "/merchant/wallet/api/v1/get/coin/list"
  timestamp := time.Now().Unix() 
  signStr := fmt.Sprintf("%s%s%d", appId, uri, timestamp)
  hasherMD5.Write([]byte(signStr))
  sign := hex.EncodeToString(hasherMD5.Sum(nil))
  fmt.Printf("Sign: %s\n", sign)

  // With request params
  uri = "/merchant/wallet/api/v1/new/user/wallet"
  args := struct {
    UserId   string `json:"UserId"`
    UserName string `json:"UserName"`
  }{
    UserId:   "100001",
    UserName: "testuser",
  }
  
  argsJson, _ := json.Marshal(args)
  timestamp = time.Now().Unix()
  signStr = fmt.Sprintf("%s%s%d%s", appId, uri, timestamp, argsJson)

  hasherMD5.Write([]byte(signStr))
  sign = hex.EncodeToString(hasherMD5.Sum(nil))

  fmt.Printf("Sign: %s\n", sign)

  // Making API call
  url := "https://api.example.com" + uri
  
  // Set headers
  headers := map[string]string{
    "AppId": appId,
    "Sign": sign,
    "Timestamp": fmt.Sprintf("%d", timestamp), 
  }

  // Make POST request
  resp, _ := http.Post(url, "application/json", bytes.NewBuffer(argsJson))

  // Handle response
}

For the specific fields of signature, please refer to the API interface and ensure the order of the fields.