Required headers
每个请求必须包含三个必需请求头:
X-Timestamp | Unix 时间戳(秒) |
X-Signature | hex 格式的 HMAC-SHA256 请求签名 |
X-Client-Id | 您的商户 ID |
Signature generation
签名基于 timestamp 和请求体生成。
格式:
{timestamp}.{canonicalBody}
Format description
timestamp | 当前 Unix 时间(秒) |
canonicalBody | 转换为规范格式的 JSON 请求体 |
签名算法:
重要要求:
示例:
Authorization errors
401 Invalid X-Timestamp
{
"status": 401,
"message": "Invalid X-Timestamp"
}401 Expired X-Timestamp
{
"status": 401,
"message": "Expired X-Timestamp"
}401 Invalid X-Signature
{
"status": 401,
"message": "Invalid X-Signature"
}401 Invalid token
{
"status": 401,
"message": "Invalid token"
}401 Merchant secret not configured
{
"status": 401,
"message": "Merchant secret not configured"
}500 Internal Server Error
{
"status": 500,
"message": "Internal Server Error"
}