Alipay, China's leading third-party online payment solutionAlipay, China's leading third-party online payment solution

Sign the request

The following figure illustrates a sample API request. The content enclosed by the two curly braces (inclusive) is what needs to be signed to create the RSA signature. And the generated signature is put in the signature parameter.

image

Perform the following steps to sign the message:

  1. Extract the content to be signed. For example:
copy
{
    "head":{
         "version":"2.0.0",
        "function":"alipay.intl.acquiring.agreement.payCancel",
        "clientId":"211xxxxxxxxxxxxxxx044",
        "reqTime":"2001-07-04T12:08:56+05:30",
        "reqMsgId":"1234567asdfasdf1123fda",
        "reserve":"{}"
           },
    "body":{
        "merchantId":"218xxxxxxxxxxxxxxx023",
        "acquirementId":"2015xxxxxxxxxxxxxxxxxxxxx747"
           }
 }
  1. Hash the JSON content by using the SHA1 with the RSA algorithm. Then use the client's RSA private key to sign the value to obtain the signature. To achieve a better security level, the length of the RSA key/pairs must be 2048 bits. The following sample illustrates a raw signature:
copy
sXSGdA4tR4B0wnF6Nr8ShpfNMtHISWuzLpdKoNWskIgCcspMVFFzgkez4BrmtYXkMqZh1tyz/8sNNU3F2VTu0fOx+ZP4CnmVjNu8bciu4hTtnytA3Y1GZ/yXAUD+mVYGXeyDO3fHrqDdI7k3xV/Q8FCOd0culTsN6RRMxMZq+oqR2x+EjOXVofp7BZJwhQE8Us4Al573FQz5EHDvCLx35lq2hoMhXLCVLVDBHcpCgotuY4mg91MXh/qqcFGY/hQKhGdWAbZ9tcp2Q5s2ESh37rqxnOwZrrepK8NC6vMBPUiSPxQefpev2nG0JzAHOjRPbBXYw1XBS6RBYKAmufZZiQ==
  1. Base64-encode the signature. A sample result is listed below:
copy
c1hTR2RBNHRSNEIwd25GNk5yOFNocGZOTXRISVNXdXpMcGRLb05Xc2tJZ0Njc3BNVkZGemdrZXo0QnJtdFlYa01xWmgxdHl6LzhzTk5VM0YyVlR1MGZPeCtaUDRDbm1Wak51OGJjaXU0aFR0bnl0QTNZMUdaL3lYQVVEK21WWUdYZXlETzNmSHJxRGRJN2szeFYvUThGQ09kMGN1bFRzTjZSUk14TVpxK29xUjJ4K0VqT1hWb2ZwN0JaSndoUUU4VXM0QWw1NzNGUXo1RUhEdkNMeDM1bHEyaG9NaFhMQ1ZMVkRCSGNwQ2dvdHVZNG1nOTFNWGgvcXFjRkdZL2hRS2hHZFdBYlo5dGNwMlE1czJFU2gzN3JxeG5Pd1pycmVwSzhOQzZ2TUJQVWlTUHhRZWZwZXYybkcwSnpBSE9qUlBiQlhZdzFYQlM2UkJZS0FtdWZaWmlRPT0=
  1. Use the obtained string as the value of the Signature parameter. The following sample shows a whole API request:
copy
{
"request":{
     "head":{
         "version":"2.0.0",
         "function":"alipay.intl.acquiring.agreement.payCancel",
         "clientId":"211xxxxxxxxxxxxxxx044",
         "reqTime":"2001-07-04T12:08:56+05:30",
         "reqMsgId":"1234567asdfasdf1123fda",
         "reserve":"{}"
            },
     "body":{
         "merchantId":"218xxxxxxxxxxxxxxx023",
         "acquirementId":"2015xxxxxxxxxxxxxxxxxxxxx747"
            }
},
"signature":"c1hTR2RBNHRSNEIwd25GNk5yOFNocGZOTXRISVNXdXpMcGRLb05Xc2tJZ0Njc3BNVkZGemdrZXo0QnJtdFlYa01xWmgxdHl6LzhzTk5VM0YyVlR1MGZPeCtaUDRDbm1Wak51OGJjaXU0aFR0bnl0QTNZMUdaL3lYQVVEK21WWUdYZXlETzNmSHJxRGRJN2szeFYvUThGQ09kMGN1bFRzTjZSUk14TVpxK29xUjJ4K0VqT1hWb2ZwN0JaSndoUUU4VXM0QWw1NzNGUXo1RUhEdkNMeDM1bHEyaG9NaFhMQ1ZMVkRCSGNwQ2dvdHVZNG1nOTFNWGgvcXFjRkdZL2hRS2hHZFdBYlo5dGNwMlE1czJFU2gzN3JxeG5Pd1pycmVwSzhOQzZ2TUJQVWlTUHhRZWZwZXYybkcwSnpBSE9qUlBiQlhZdzFYQlM2UkJZS0FtdWZaWmlRPT0="
}