- [About This Guide](./1) - [Introduction](./3) - [Business Introduction](./3) - [Business Process](./4) - [Integration Guide](./7) - [Ready to Access](./7) - [Acquire PID and MD5 Key](./7) - [RSA Key Configuration](./8) - [Quick Integration](./9) - [API List](./11) - [Declaration Interface](./11) - [Request Parameters](./11#RequestParameter) - [Synchronous Reponse Parameters](./11#SynchronousReturn) - [Synchronous Response Features](./11#SynchronousReturnFeatures) - [Payment Information Retransmission](./11#Retransmission) - [Unified Customs Solution](./11#UnifiedCustomsSolution) - [Customs](./11#Customs) - [Business Error Codes](./11#ErrorCodes) - [Declaration Query Interface](./12) - [Request Parameters](./12#RequestParameter) - [Synchronous Reponse Parameters](./12#SynchronousReturn) - [Synchronous Response Features](./12#SynchronousReturnFeatures) - [Business Error Codes](./12#ErrorCodes) - [Merchant Processing Notes](./13) - [Digital Signature](./14)
Customs Declaration

About This Guide


支付宝备案名称: 支付宝(中国)网络技术有限公司 【括号请使用半角输入】

Customer Support
For technical questions, please contact Global Merchant Technical Support.
For non-technical questions, like how to sign up with Alipay, please contact Global Merchant Business Support .

Generate Pre-sign string

Parameters to sign

In the list of request and response parameters, all of them need to be signed except sign and sign_type. (sign_type also needs to be signed in some cases in the list of request parameters)

Generate Pre-sign string

Use the following code to package the data:

		//package the request parameters
		Map sParaTemp = new HashMap();
		sParaTemp.put("service", AlipayConfig.service);
                sParaTemp.put("partner", AlipayConfig.partner);
                sParaTemp.put("_input_charset", AlipayConfig.input_charset);
		sParaTemp.put("notify_url", AlipayConfig.notify_url);
		sParaTemp.put("return_url", AlipayConfig.return_url);
		sParaTemp.put("out_trade_no", out_trade_no);
		sParaTemp.put("subject", subject);
		sParaTemp.put("total_fee", total_fee);
		sParaTemp.put("body", body);
		sParaTemp.put("currency", currency);
		sParaTemp.put("product_code", product_code);
		split_fund_info = split_fund_info.replaceAll("\"", "'");
		sParaTemp.put("split_fund_info", split_fund_info);

Rearrange parameters in the data set alphabetically
And connect rearranged parameters with &:


This is the pre-sign string.

  • Parameters without a value, can be excluded from sign;
  • Charset in sign must be consistent with the charset used previously
  • If _input_charset is passed, it also shall be signed.
  • According to HTTP protocol, special character like &,@ needs to do URL encoding, therefore the request receiver can get correct value. In this situation, pre-sign string shall be the original value instead of encoded one. For example: calling a particular API need to sign the parameter email, the pre-sign string shall be email=test@msn.com, rather than email=test%40msn.com.

Signature Generation

MD5 Signature

Private Key is necessary for MD5 signature. The MD5 private key is the 32-byte string which is composed of English letters and numbers. Partner can log on the Merchant Service Center (https://global.alipay.com) to check the private key.

After the partner receives the pre-sign string during requesting, the private key should be appended to the pre-sign string to generate the new string. Then this new string would be calculated with the MD5 signature algorithm by the MD5 signature function. Thus, the result 32-byte string is the signature result string. (the value is given to parameter “sign”)  

After receiving the pre-sign string during responding from Alipay system, the next step is the same as the procedure of Sign for request. When the 32-byte signature result string is generated, it should be verified whether the value is equal to the value of the parameter “sign”. If equal, the verification would be passed.

RSA, RSA2 Signature

Both private key and public key are necessary for RSA signature. Both private key and public key are generated with OPENSSL by partner. Partner and Alipay need to exchange their own public key. Therefore, partner uses Alipay public key and partner private key.

After the partner receives the pre-sign string during requesting, the partner private key and the pre-sign string are used in the RSA signature algorithm by the RSA signature function to get the result string. (the value is given to parameter “sign”)

After receiving the pre-sign string during responding from Alipay system, the Alipay public key, the pre-sign string and the parameter “sign” are used in the RSA signature asymmetric algorithm by the RSA signature function to accomplish the signature verification.