Access Rules
Overview
Access Rules provide standardized integration guidelines for merchants to quickly and properly complete system integration. Following the access rules in this document ensures secure communication, accurate data transmission, and smooth business processes between merchant systems and the payment platform.
Integration Principles
- Standardization: Follows RESTful API design specifications with clear and unified interface definitions
- Security: Adopts multiple security mechanisms including signature verification, IP whitelist, HTTPS encryption, etc.
- Reliability: Complete exception handling mechanisms and retry strategies to ensure business continuity
- Usability: Detailed documentation and sample code to lower the integration threshold
Security Mechanisms
Our platform adopts industry-standard security mechanisms to ensure transaction security:
| Security Mechanism | Description |
|---|---|
| Signature Verification | All API requests require digital signatures to prevent data tampering |
| HTTPS Transmission | Mandatory use of HTTPS protocol to ensure encrypted data transmission |
| IP Whitelist | Supports configuring request IP whitelist to restrict access sources |
| Sensitive Information Encryption | Sensitive fields are encrypted during transmission to ensure information security |
Communication Protocol
- Protocol: HTTPS
- Data Format: JSON / Form-data
- Character Encoding: UTF-8
- Request Method: POST
Environment Description
| Environment Type | Environment Address | Purpose |
|---|---|---|
| Test Environment | https://test-api.example.com | For development and testing |
| Production Environment | https://api.example.com | For formal transactions |
Tip
Merchant numbers and secret keys for test and production environments are independent. Please ensure you use the correct configuration for the corresponding environment.
Pre-integration Preparation
Before starting integration, please ensure the following preparations are completed:
- Obtain Access Credentials: Including merchant number (mchNo), application ID (appId), and API secret key (key)
- Configure Server: Ensure the server can normally access the payment platform API address
- Prepare Callback Interface: Develop asynchronous notification receiving interface for receiving payment result notifications
- Understand Business Processes: Familiarize yourself with payment, refund, query, and other business processes
FAQ
Q: What should I do if signature verification fails?
A: Please check if the signature algorithm is correct, if parameters are sorted by ASCII code, and if the secret key is correct.
Q: What should I do if I don't receive asynchronous notifications?
A: Please check if notifyUrl is accessible, if it returns the "success" string, and if the server has firewall blocking.
Q: How do I switch between test and production environments?
A: Simply modify the API address and corresponding merchant number and secret key.
Details
- API Access Rules - Detailed API access specifications, signature algorithms, and error code descriptions