CCPayment
Have Questions?TwitterMediumBlog
  • CCPayment - For Merchant
    • What is CCPayment
    • CCPayment API Introduction
    • Fees
    • Invoice
    • Contact Us
  • CCPayment v1.0 API
    • SDK Libraries
    • To Get Started
      • Signature
      • API Specification Common Rules
    • Payment API - CCPayment
      • Hosted Checkout Page Integration
      • Native Checkout Integration
      • API Deposit Order Information Interface
    • Wallet API - CCPayment
      • Get permanent deposit address for users
    • Withdrawal API Integration
      • Create a withdrawal order
      • Withdrawal Order Information Interface
    • Resources Document
      • Token ID Interface
      • Current Token Rate Interface
      • Asset Balance Interface
      • Network Fee Interface
      • Block Height Information Retrieval API
      • Check the Validity of Cwallet ID
      • List of Supported Coins
      • List of Denominated Currency for API Payment
      • Error Code
    • Webhook Notification
      • Webhook Notification Tutorial
      • API Deposit Webhook Notification
      • Direct Deposit to Permanent Address Webhook Notification
      • Invocie Webhook Notification
      • Withdraw Webhook Notification
      • Refund Webhook Notification
      • Resend Webhook Notification
  • Changes
    • Change Record
    • Upcoming Changes
  • FAQ
    • FAQ
    • Webhook Notification
      • How to receive the transaction notification
      • Why do some deposit transactions not include the “from address” in the webhook notification?
    • Payment
      • Why hasn't my transactions been confirmed?
      • Why hasn't my withdrawal arrived
      • Minimum amount of withdrawal and deposit
      • How to find out withdrawal fees for each cryptocurrency?
      • How does CCPayment charge the service fee
      • After payment has been paid, why does the order status not appear successful
      • What types of tokens do we accept for payment
      • How long does it take for a withdrawal to be processed
      • When a payment is not sufficiently made, can the user make it again and have it credited correctly
      • Is it possible to pay by credit card
      • What is token aggregation fee?
    • Security & Privacy
      • How to Secure My CCPayment Account
      • What information do you collect about my customers
      • Is my website required to be reviewed when using CCPayment API
      • Why can’t I get the email verification code?
      • Verify your site ownership
        • Verify your site ownership with HTML file
        • Verify your site ownership with HTML tag
    • Refund
      • How to cancel a pending refund request
      • How does the merchant issue a refund to the customer
      • What should you do if you entered a wrong memo/tag?
      • What should you do if you credited to CCPayment's unsupported tokens?
    • Others & Academy
      • How to manage multiple merchant account
      • How does the lock exchange rate of an order work and what happens when it is locked
      • What is the transaction under the category Other in the transaction records
      • Are there any regional restrictions on API use
      • What is a referral program?
      • CCPayment ETH Testnet Tutorial
      • What is auto-swap for deposit?
  • CCPAYMENT POLICY
    • CCPayment Privacy Policy
    • Disclaimer for Purchasers
    • Terms of Use
    • AML/CTF Policy
Powered by GitBook
On this page
  • Get APP ID and APP Secret
  • Signature Guide
  • Examples
  1. CCPayment v1.0 API
  2. To Get Started

Signature

PreviousTo Get StartedNextAPI Specification Common Rules

Last updated 1 year ago

Before the API integration, you need to get your APP ID and APP Secret.

Get APP ID and APP Secret

CCPayment API authenticates your requests by APP ID and APP Secret. , go to you can find your APP ID and APP Secret on this page.

Signature Guide

The body of HTTP is a json string.

Add the content in body of HTTP to the signature. Ensure the body content matches the signature content. As soon as CCPayment receives the request, the body content will be read and the signature will be verified.

If you use a tool to simulate the request, please make sure that the data in the body will not be formatted by json. Always make sure the body is a json string; for example, if you use postman, you should choose text format.

Examples


import java.math.BigInteger;
       import java.nio.charset.StandardCharsets;
       import java.security.MessageDigest;
       import java.security.NoSuchAlgorithmException;


       public String getSign(String appId, String appSecret, String timestamp, String data) throws NoSuchAlgorithmException {
               String originStr = String.format("%s%s%s%s", appId, appSecret, timestamp, data);
               MessageDigest digest = MessageDigest.getInstance("SHA-256");
               byte[] digestOriginData = digest.digest(originStr.getBytes(StandardCharsets.UTF_8));
               BigInteger number = new BigInteger(1, digestOriginData);
               StringBuilder hexString = new StringBuilder(number.toString(16));
               while (hexString.length() < 64) {
                   hexString.insert(0, '0');
               }
               return hexString.toString();
       }
<?php
$app_id = “<your app_id>”;
$app_secret = “<your app_secret>”;
$url = “https://admin.ccpayment.com/ccpayment/v1/concise/url/get”;
$body = array(
    “product_price” => “0.01”,
    “merchant_order_id” => “007”,
    “product_name” => “test”
);
$body_str = json_encode($body);
$timestamp = strval(time());
$hash = $app_id . $app_secret . $timestamp . $body_str;
$hashed = hash(“sha256", $hash);
$headers = array(
    “Content-Type: application/json;charset=utf-8”,
    “Appid: ” . $app_id,
    “Sign: ” . $hashed,
    “Timestamp: ” . $timestamp
);
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $body_str);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
curl_close($ch);
$response_data = json_decode($response, true);
print_r($response_data);
?>
#Python 3.7.4 
import time
import unittest
import json
import hashlib
import urllib.request

class TestCCPaymentClass(unittest.TestCase):
    app_id = "202312345678980...38276"
    app_secret = "abc12345678...09876"

    url = "https://admin.ccpayment.com/ccpayment/v1/token/chain"

    args = {
        "token_id": "8addd19b-37df-4faf-bd74-e61e214b008a"
    }

    timestamp = int(time.time())

    args_str = json.dumps(args)
    sign_str = hashlib.sha256((app_id + app_secret + str(timestamp) + args_str).encode("utf-8")).hexdigest()

    req = urllib.request.Request(url=url, method="POST", data=args_str.encode("utf-8"), headers={
        "Content-Type": "application/json;charset=uf8",
        "Appid": app_id,
        "Sign": sign_str,
        "Timestamp": str(timestamp)
    })
    req.timeout = 60  # s
    resp = urllib.request.urlopen(req)
    data_str = resp.read().decode('utf-8')
    data = json.loads(data_str)
    print(data)
const axios = require("axios");
const crypto = require("crypto");

const APIURL = {
  checkoutURL: "https://admin.ccpayment.com/ccpayment/v1/concise/url/get",
};

const app_id = "your add_id";
const app_secret = "your app_secret";

const handleDeposit = async (data) => {
  const timestamp = Math.floor(Date.now() / 1000);
  const str = `${app_id}${app_secret}${timestamp}${JSON.stringify(data)}`;
  const sign = crypto.createHash("sha256").update(str, "utf-8").digest("hex");
  return axios.post(
    APIURL.checkoutURL,
    {
      ...data,
    },
    {
      headers: {
        // "Content-Type": "application/json;charset-uf8",
        Appid: app_id,
        Sign: sign,
        Timestamp: timestamp,
      },
    }
  );
};

handleDeposit({
  product_price: "0.6",
  product_name: "test",
  merchant_order_id: "2023",
}).then((res) => {
  console.log("res", res.data);
});
go
package main

import (
  "crypto/hmac"
  "crypto/md5" 
  "encoding/hex"
  "encoding/json"
  "fmt"
  "time"
)

func main() {

  appId := "your AppId"
  appSecret := "your Secret"
  
  // Signing
  hasherMD5 := hmac.New(md5.New, []byte(appSecret))

  // No request params
  uri := "/merchant/wallet/api/v1/get/coin/list"
  timestamp := time.Now().Unix() 
  signStr := fmt.Sprintf("%s%s%d", appId, uri, timestamp)
  hasherMD5.Write([]byte(signStr))
  sign := hex.EncodeToString(hasherMD5.Sum(nil))
  fmt.Printf("Sign: %s\n", sign)

  // With request params
  uri = "/merchant/wallet/api/v1/new/user/wallet"
  args := struct {
    UserId   string `json:"UserId"`
    UserName string `json:"UserName"`
  }{
    UserId:   "100001",
    UserName: "testuser",
  }
  
  argsJson, _ := json.Marshal(args)
  timestamp = time.Now().Unix()
  signStr = fmt.Sprintf("%s%s%d%s", appId, uri, timestamp, argsJson)

  hasherMD5.Write([]byte(signStr))
  sign = hex.EncodeToString(hasherMD5.Sum(nil))

  fmt.Printf("Sign: %s\n", sign)

  // Making API call
  url := "https://api.example.com" + uri
  
  // Set headers
  headers := map[string]string{
    "AppId": appId,
    "Sign": sign,
    "Timestamp": fmt.Sprintf("%d", timestamp), 
  }

  // Make POST request
  resp, _ := http.Post(url, "application/json", bytes.NewBuffer(argsJson))

  // Handle response
}

For the specific fields of signature, please refer to the API interface and ensure the order of the fields.

Log in to your CCPayment account
Developer page,