Signature Specification

To ensure the security of data transmission, we use the MD5 encryption algorithm.

Please note: Alipay Payout, Bank Card Payout, Balance Query interfaces also require parameter signature.

I. Signature Rules

1. Parameter Sorting

Sort all key=value data sent to the API in ASCII ascending order (lexicographical order) by key.

Exclude the following parameters:

sign (The signature itself)
sign_type (Signature type, if used)
Parameters with empty values (Empty String)

2. Concatenate Parameter String

Connect the sorted parameters in the form of key=value using the & character.

For example:

amount=50000&notify_url=https://xxx.xxx&payment_cl_id=DEVPM00014581&platform_id=PF0002&request_time=1595504136&service_id=SVC0001

3. Append Secret Key (Platform Key)

Append &key={your_platform_key} to the end of the above string.

For example:

amount=50000&notify_url=https://xxx.xxx&payment_cl_id=DEVPM00014581&platform_id=PF0002&request_time=1595504136&service_id=SVC0001&key=ThisIsYourSecretKey123

4. Generate Signature (MD5)

Perform MD5 encryption on the final concatenated string and convert the result to a lowercase 32-character string. This is your sign value.

II. Signature Code Example (Java)

public static String sign(String content, String key) {
    String signStr = content + "&key=" + key;
    return DigestUtils.md5Hex(signStr).toLowerCase();
}

III. Verify Signature

When receiving callback notifications or query results, the response will also contain a sign parameter. Please use the same rules (sort and concatenate all returned parameters except sign) plus your key to calculate MD5, and compare whether the results are consistent to ensure data has not been tampered with.

I. Signature Rules​

1. Parameter Sorting​

2. Concatenate Parameter String​

3. Append Secret Key (Platform Key)​

4. Generate Signature (MD5)​

II. Signature Code Example (Java)​

III. Verify Signature​