# Signature

Before the API integration, you need to get your APP ID and APP Secret.

## **Get APP ID and APP Secret**

CCPayment API authenticates your requests by APP ID and APP Secret. [Log in to your CCPayment account](https://admin.ccpayment.com/login), go to [**Developer page,**](https://admin.ccpayment.com/developer/config) you can find your **APP ID** and **APP** **Secret** on this page.

<figure><img src="https://760693906-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FKH8CbFKQ8Cydt24cgg2C%2Fuploads%2FdAdPqxqVEZLSLDrM8cCo%2FAPP%20id%20and%20secret%20guide.png?alt=media&#x26;token=b991eaab-822f-4382-9d3b-fdd64b7f465a" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
[**APP ID and APP Secret** carries many privileges, so be sure to keep it secure. Please do not share your developer information in publicly accessible areas such as GitHub, client code, etc.](#user-content-fn-1)[^1]
{% endhint %}

## Signature **Guide**

The body of HTTP is a json string.

Add the content in body of HTTP to the signature. Ensure the body content matches the signature content. As soon as CCPayment receives the request, the body content will be read and the signature will be verified.

If you use a tool to simulate the request, please make sure that the data in the body will **not be formatted by json**. Always make sure the body is a **json string**; for example, if you use postman, you should choose text format.

### Examples

{% tabs %}
{% tab title="Java" %}

```
https://www.geeksforgeeks.org/sha-256-hash-in-java/

```

{% endtab %}

{% tab title="PHP" %}

```php
$str = $appId.$appSecret.strval(time()).json_encode($body);
$sign = SHA256Hex($str);

function SHA256Hex($str){
    return hash('sha256', $str);
}
```

{% endtab %}

{% tab title="Python" %}

```php
#Python 3.7.4 
import hashlib
from time import time

data_str = json.dumps(body)
a_string = appId + appSecret + str(time())+data_str

hashed_string = hashlib.sha256(a_string.encode('utf-8')).hexdigest()
print(hashed_string)

```

{% endtab %}

{% tab title="Node" %}

```naniscript
import crypto from "crypto";
let str = appId + appSecret + (Math.floor(Date.now() / 1000)) + JSON.stringify(body);
let sign = crypto.createHash('sha256').update(str, 'utf8').digest('hex');
```

{% endtab %}

{% tab title="Golang" %}

```go
bytes, err := json.Marshal(body)
str := fmt.Sprintf("%s%s%d%s", AppId, merchant.AppSecret, time.Now().Unix(), string(bytes))

sign := Hash256([]byte(str))

func Hash256(byte2 []byte) string {
	hash := sha256.Sum256(byte2)
	code := hex.EncodeToString(hash[:]) //hex
	return code
}
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
For the specific fields of signature, please refer to the API interface and ensure the order  of the fields.
{% endhint %}

####

[^1]: