Request & Response

There are some basic rules for PTS request and response. Please check these rules before starting your implementation.

1. All request and data are using UTF-8 format.
2. The payment request is based on HTTPS protocol, only POST form is supported.
3. All parameters & participate in signature must be sorted in ASCII. Null values still need to be added to signature.
4. All requests have specified header. Please follow the setting for the request header.
5. Please ask our customer service team for API Host URL
6. Please let us know your Host IP, so we can add your IP into whitelist

Request Format

Please following guide to build your request:

1. Prepare your request data and generate the signature.
2. Convert request body into JSON string.
3. Encrypt request JSON string by AES-ECB-PKCS7 with your merchant safecode.
4. Encode your encrypted string via base64_encode and get the final request string.
5. Content-Type of HTTPS requests should be text/plain

// Prepare your request data and generate the signature
{
    "order_id": "20210514183849",
    "amount": "40000",
    "currency": "CNY",
    "timestamp": "1612245402",
    "callback_url": "http://my.service/callback",
    "redirect_url": "https://my.service/redirect",
    "channel": "alipay",
    "bank_code": "",
    "remark": "test",
    "user_id": "1",
    "sign": "lOp6SoczkquxzYTDufsVTIjjTdKuCGZnGEa7…."
}

// Convert request body into JSON string
{"order_id":"20210514184046","amount":"40000","currency":"CNY","timestamp":"1612245402","callback_url":"http://my.service/callback","redirect_url":"https://my.service/redirect","channel":"alipay","bank_code":"","remark":"test","user_id":"1","sign":"lOp6SoczkquxzYTDufsVTIjjTdKuCGZnGEa7..."}

// Encrypt JSON string by AES-ECB-PKCS7 with your merchant safecode, and convert it into base64_encode
wbTkX4OdkK8xqvrnqqKalTp/XiC+svRLvgu6UGQ5gDPx9iTRSS3ng8cRkLwfrxnN3Ba4YZAtMtb2PahMj0KNz56ovbuctKsMWMjztpIn2eLCHWNzVHRrU8eJ/aG0OgDztdceON2xBGYEtzpyf1Lc9jycfnd35tANhZgWFlNvCPrTNsbTjrVA3fH1gOKzn35CfHsuyWertBQjp/FqMkDWa7G1gRxXa2L1s...

// Then, now you can send request via HTTPS Post in text/plain

PHP

function sendRequest(string $apiUrl, string $safecode, array $params)
{
  $token = getToken();
  $header = [
    'Content-Type: text/plain',
    'Authorization: '. $token
  ];

  $params['sign'] = generateSignature($params, $safecode);
  $jsonString = json_encode($params);
  $encrypt = openssl_encrypt($jsonString, 'AES-256-ECB', $safecode, OPENSSL_RAW_DATA);
  $body = base64_encode($encrypt);

  $ch = curl_init();
  curl_setopt_array($ch, [
    CURLOPT_URL => $apiUrl,
    CURLOPT_HTTPHEADER => $header,
    CURLOPT_POSTFIELDS => $body,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_ENCODING => 'utf-8',
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_TIMEOUT => 0,
  ]);

  $response = curl_exec($ch);
  curl_close($ch);

  return $response;
}

Java

public void sendRequest(String apiUrl, Map params, List<String> ignoreFields)
{
  JSONObject jsonObj = new JSONObject();
  SortedSet<String> sortedParams = new TreeSet<>(params.keySet());
  for (String key: sortedParams) {
    jsonObj.put(key, aMap.get(key));
  }
  jsonObj.put("sign", generateSignature(params, ignoreFields, safecode));

  Unirest.setTimeouts(0, 0);
  HttpResponse<JsonNode> jsonResponse = Unirest.post(apiUrl)
    .header("Content-Type", "text/plain")
    .header("Authorization", getToken())
    .body(aes256Encode(jsonObj.toString(), safecode))
    .asJson();
}

Python

import json
import requests
from aes import AESCrypt

def sendRequest(apiUrl, params, accessToken):

  signStr = generateSignature(params)
  params['sign'] = rsa_sign(signStr)
  jsonStr = json.dumps(params, indent=4, ensure_ascii=False)
  aesStr = AESCrypt(safecode).__encrypt__(jsonStr).decode('utf-8')

  response = requests.post(url=apiUrl, data=aesStr, headers={
    'content-type': 'text/plain',
    'Authorization': accessToken
  })
  if (response.status_code == 200):
    return response.text
  else:
    return None

Response format

The responses and callbacks from PTS will follow this format.

Content-Type: application/json

Param	Type	Required	Description
code	string	✅	Success return 1000 and else are failure indexes
message	string	✅	Result description
data	array	❌	Provides when code is 1000

// Example
{
    "code": "1000",
    "message": "Accepted",
    "data": {
        // available while code=1000
    }
}