# Interface parameter signature process
# content
| Parameter Name | Required | Type | Length Limit | Example | Description |
|---|---|---|---|---|---|
| appId | Yes | string | - | 45eebd745dcf0b5f6d6f9fcde28cd9fe8116a892 | app id (provided by Swifood) |
| storeKey | Yes | string | 100 | CVIEIYUNHTS0 | store key (provided by Swifood) |
| param | Yes | string | - | - | request param content string |
| sign | Yes | string | - | RSA sign of param |
# give typical examples
{
"appId": "45eebd745dcf0b5f6d6f9fcde28cd9fe8116a892",
"storeKey": "CVIEIYUNHTS0",
"sign": "abcdef",
"param": "{}"
}
# explanation
appIdis a fixed value provided by Swifood- According to the specific interface document, construct the request parameter, format the request parameter into JSON
format, and use it as the value of
param; - Use the RSA private key to sign
param, and the resulting value is used as the value ofsign.
# appendix rsa usage example java language
Generate an RSA key pair:
import java.security.*;
import java.util.Base64;
public class RsaGenerateKeyPair {
public static void main(String[] args) throws NoSuchAlgorithmException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
KeyPair keyPair = keyPairGenerator.genKeyPair();
PublicKey publicKey = keyPair.getPublic();
byte[] publicKeyBytes = publicKey.getEncoded();
String publicKeyBase64 = Base64.getEncoder().encodeToString(publicKeyBytes);
System.out.println(publicKeyBase64);
PrivateKey privateKey = keyPair.getPrivate();
byte[] privateKeyBytes = privateKey.getEncoded();
String privateKeyBase64 = Base64.getEncoder().encodeToString(privateKeyBytes);
System.out.println(privateKeyBase64);
}
}
Please submit the RSA public key to Swifood, please do not disclose it to any third party.
The RSA private key is kept by the merchant, please do not disclose it to anyone.
When a merchant requests Swifood Open API, the merchant uses the RSA private key to sign the request parameters, and PayCools will use the RSA public key provided by the merchant to verify the signature in the request. If authentication fails, the PayCools server refuses to process the request.
# example key pair
RSA public key:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAna4Dyz8nGJiAlc9jTGyRa+TtlZXYABTc+Xfb3T4NdDbnUO8vtNLHugwmqARp8kzEzsMRbmvKro4EpaXqANn7SAGo+YI6sVUDmX7ESk3P6j51PtTvWR6dikJN6qwtmV64ojEbxDnIBL3VKuctefL8uPcI7MZBUPBXg9l8CZmnn2cKqWjZ8MuEQr4G45IqmJ0tRsRmW9ofNnvI1MLPt7c/Z/D1E6HKVwjPcMZKMuF0HpIDqdQaPX83dlSzv9FF9jFR8HWfWW8Oz3jz+GtSLSdh2ERcyO56WHpWl1POV4o9jF+4R/oBgcH+0zA1Z2aFfQf/n9miMhacrioStBaHkh1f/QIDAQAB
RSA private key:
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdrgPLPycYmICVz2NMbJFr5O2VldgAFNz5d9vdPg10NudQ7y+00se6DCaoBGnyTMTOwxFua8qujgSlpeoA2ftIAaj5gjqxVQOZfsRKTc/qPnU+1O9ZHp2KQk3qrC2ZXriiMRvEOcgEvdUq5y158vy49wjsxkFQ8FeD2XwJmaefZwqpaNnwy4RCvgbjkiqYnS1GxGZb2h82e8jUws+3tz9n8PUTocpXCM9wxkoy4XQekgOp1Bo9fzd2VLO/0UX2MVHwdZ9Zbw7PePP4a1ItJ2HYRFzI7npYelaXU85Xij2MX7hH+gGBwf7TMDVnZoV9B/+f2aIyFpyuKhK0FoeSHV/9AgMBAAECggEAYyqq5iucqgJXdGCO4eSx/LpolZg81ahJZXf1RgqdqYZSKnuTdFTQGflEYo0MGMAhUqwqDVkrimZ1E7zqE4kEWT/6BpnZ0edWsTWhu91+MqL/V/nRYio4CFk06a9JqliBJDhgbyOr4ReGtknYNwcT3Dw5V7hEIeRWFe007lC9tCi7mlpzBNwEIf4itmnncuA70GlxcoMkoGzfYg79eUCfXorbfJcaamR2wXLSU6KoJ422UR3L0rgzmgXzVQw9rrlQ3h6viDykKfaPi/43MN2qb6Zu5isbJIzyz0kHrcE6KJMgJhBDkLIo0f0qE/rEl1Xp/qDwr4+3WBfCHeuTFsud/QKBgQDXmA3f0/ONPMgEGdJlwG20W+7jXHabnRPuUJyDQKbtP+vuaKrpzN+jC1rlxBfAJj2iAVXXXM/RFWWapBd16TqGI4P3RW8eocaxhyl8rWSvCOy/OueNI+fM8gX/IjsJc7VMmCEWHuLvXoM2ixXPWP3v0DEPPPDrCd5dnjR6+5oGgwKBgQC7O03ps4KzMUzEtJcrFFKV0C/m1X905OqQ3cKQnGqRzLp/7d9DQsv+oKzjlpz1xktdJmig7ABiL0+FqJHdcrNiVabI5c6oS2SZkToQFlKv2GYT2KikJ0L43xLfiDvB3tues//9OXuU0WzXZqq7CNAvcmAdPjlFi9RxHsRGABo3fwKBgEi2EJ/XpQGSaUbwyoPktVsp0lS9/4aWIH20lES0DlhfwZuDk3kMzrP3hW2OiBAXFZxI5QGgXLqAg+b2xq7OvR02ZzCDK2niV9fR5Q0Wkaly0h3gqO1yGaCGU71rdwvGCXROroH+Yr0mXAyONgnbUrGJvrIL9JjgmC1syPhdWOIvAoGBAJHJbbNpWX3aB2KrE4IxwtRwVLwyxZnpnVPLuPINOVXpydZPDCc9XcYYqkZUQkeFba1MeO/Ek8/f8tWqGloKM+9/reyENFQK0Hxa/pEEMMJHh8QwUa/v+k/6sqFnXNBqjSuYEN3F4ppQL6XRhWM5S5GGR5y9lK64YGTshfvTnJZVAoGBAJ3TmJcRJWfi7CA985VAnE+IQoQfKKz9NTT7hGBwWTVd7iUc0QCpgHNIixZnfVcjKxz7Hhq6Vy+cEbDBtwbSuDfuVf1spiiqOuYVIjFqq5AsuvpX1CJmm7V+LRtJO/NXmXQP5YfojzET9NqTZvGEVXuzPA0qp8JC7HKrCYykscqE
# RSA sign:
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
public class RsaSign {
public static final String PRIVATE_KEY = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdrgPLPycYmICVz2NMbJFr5O2VldgAFNz5d9vdPg10NudQ7y+00se6DCaoBGnyTMTOwxFua8qujgSlpeoA2ftIAaj5gjqxVQOZfsRKTc/qPnU+1O9ZHp2KQk3qrC2ZXriiMRvEOcgEvdUq5y158vy49wjsxkFQ8FeD2XwJmaefZwqpaNnwy4RCvgbjkiqYnS1GxGZb2h82e8jUws+3tz9n8PUTocpXCM9wxkoy4XQekgOp1Bo9fzd2VLO/0UX2MVHwdZ9Zbw7PePP4a1ItJ2HYRFzI7npYelaXU85Xij2MX7hH+gGBwf7TMDVnZoV9B/+f2aIyFpyuKhK0FoeSHV/9AgMBAAECggEAYyqq5iucqgJXdGCO4eSx/LpolZg81ahJZXf1RgqdqYZSKnuTdFTQGflEYo0MGMAhUqwqDVkrimZ1E7zqE4kEWT/6BpnZ0edWsTWhu91+MqL/V/nRYio4CFk06a9JqliBJDhgbyOr4ReGtknYNwcT3Dw5V7hEIeRWFe007lC9tCi7mlpzBNwEIf4itmnncuA70GlxcoMkoGzfYg79eUCfXorbfJcaamR2wXLSU6KoJ422UR3L0rgzmgXzVQw9rrlQ3h6viDykKfaPi/43MN2qb6Zu5isbJIzyz0kHrcE6KJMgJhBDkLIo0f0qE/rEl1Xp/qDwr4+3WBfCHeuTFsud/QKBgQDXmA3f0/ONPMgEGdJlwG20W+7jXHabnRPuUJyDQKbtP+vuaKrpzN+jC1rlxBfAJj2iAVXXXM/RFWWapBd16TqGI4P3RW8eocaxhyl8rWSvCOy/OueNI+fM8gX/IjsJc7VMmCEWHuLvXoM2ixXPWP3v0DEPPPDrCd5dnjR6+5oGgwKBgQC7O03ps4KzMUzEtJcrFFKV0C/m1X905OqQ3cKQnGqRzLp/7d9DQsv+oKzjlpz1xktdJmig7ABiL0+FqJHdcrNiVabI5c6oS2SZkToQFlKv2GYT2KikJ0L43xLfiDvB3tues//9OXuU0WzXZqq7CNAvcmAdPjlFi9RxHsRGABo3fwKBgEi2EJ/XpQGSaUbwyoPktVsp0lS9/4aWIH20lES0DlhfwZuDk3kMzrP3hW2OiBAXFZxI5QGgXLqAg+b2xq7OvR02ZzCDK2niV9fR5Q0Wkaly0h3gqO1yGaCGU71rdwvGCXROroH+Yr0mXAyONgnbUrGJvrIL9JjgmC1syPhdWOIvAoGBAJHJbbNpWX3aB2KrE4IxwtRwVLwyxZnpnVPLuPINOVXpydZPDCc9XcYYqkZUQkeFba1MeO/Ek8/f8tWqGloKM+9/reyENFQK0Hxa/pEEMMJHh8QwUa/v+k/6sqFnXNBqjSuYEN3F4ppQL6XRhWM5S5GGR5y9lK64YGTshfvTnJZVAoGBAJ3TmJcRJWfi7CA985VAnE+IQoQfKKz9NTT7hGBwWTVd7iUc0QCpgHNIixZnfVcjKxz7Hhq6Vy+cEbDBtwbSuDfuVf1spiiqOuYVIjFqq5AsuvpX1CJmm7V+LRtJO/NXmXQP5YfojzET9NqTZvGEVXuzPA0qp8JC7HKrCYykscqE";
public static void main(String[] args) throws Exception {
String param = "{\n" +
" \"appId\": \"str1\",\n" +
" \"appName\": \"str2\",\n" +
" \"channelCode\": \"str3\",\n" +
" \"mchOrderId\": \"str4\",\n" +
" \"amount\": 2000,\n" +
" \"notifyUrl\": \"str5\",\n" +
" \"customerName\": \"str6\",\n" +
" \"email\": \"str7\",\n" +
" \"mobile\": \"str8\",\n" +
" \"remark\": \"str9\"\n" +
"}";
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initSign(KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(PRIVATE_KEY))));
signature.update(param.getBytes());
byte[] bytes = signature.sign();
String sign = Base64.getEncoder().encodeToString(bytes);
System.out.println(sign);
}
}
signvalue of:
Leh6eu60as3iiiWJiimZxZv9SKKBxyGUUoaHW0K3qZp8p4I6eyCTa4KkcZHFwE7lF16oOz5InSwDOGLAix+EMOqT8bZb/w+jzC0xGp9xdgLKEPm6woinauimyBBwvHfEydnFhrOX240XgMwMH5av9VyUIyngYslcn7PhY6zvyaQr1MYEmpkMit5m1o7iWd7sBgeXWixxCXtrKMbrG2TLepZnymk+t+nh+nR4sH66gD+uXPSq0/SzrgbChuDcdr8ybdtLOuXKX4FdM2WnvzmgSncJrU9RyRUzu6EKzCutfsYaNkV8ii70Tkabc4p4HRzaotCJ7kHyuHBPL6k0sncZrg==
# RSA signature verification
import java.security.KeyFactory;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public class RsaVerifySign {
public static final String PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAna4Dyz8nGJiAlc9jTGyRa+TtlZXYABTc+Xfb3T4NdDbnUO8vtNLHugwmqARp8kzEzsMRbmvKro4EpaXqANn7SAGo+YI6sVUDmX7ESk3P6j51PtTvWR6dikJN6qwtmV64ojEbxDnIBL3VKuctefL8uPcI7MZBUPBXg9l8CZmnn2cKqWjZ8MuEQr4G45IqmJ0tRsRmW9ofNnvI1MLPt7c/Z/D1E6HKVwjPcMZKMuF0HpIDqdQaPX83dlSzv9FF9jFR8HWfWW8Oz3jz+GtSLSdh2ERcyO56WHpWl1POV4o9jF+4R/oBgcH+0zA1Z2aFfQf/n9miMhacrioStBaHkh1f/QIDAQAB";
public static void main(String[] args) throws Exception {
String param = "{\n" +
" \"appId\": \"str1\",\n" +
" \"appName\": \"str2\",\n" +
" \"channelCode\": \"str3\",\n" +
" \"mchOrderId\": \"str4\",\n" +
" \"amount\": 2000,\n" +
" \"notifyUrl\": \"str5\",\n" +
" \"customerName\": \"str6\",\n" +
" \"email\": \"str7\",\n" +
" \"mobile\": \"str8\",\n" +
" \"remark\": \"str9\"\n" +
"}";
String sign = "Leh6eu60as3iiiWJiimZxZv9SKKBxyGUUoaHW0K3qZp8p4I6eyCTa4KkcZHFwE7lF16oOz5InSwDOGLAix+EMOqT8bZb/w+jzC0xGp9xdgLKEPm6woinauimyBBwvHfEydnFhrOX240XgMwMH5av9VyUIyngYslcn7PhY6zvyaQr1MYEmpkMit5m1o7iWd7sBgeXWixxCXtrKMbrG2TLepZnymk+t+nh+nR4sH66gD+uXPSq0/SzrgbChuDcdr8ybdtLOuXKX4FdM2WnvzmgSncJrU9RyRUzu6EKzCutfsYaNkV8ii70Tkabc4p4HRzaotCJ7kHyuHBPL6k0sncZrg==";
Signature signature = Signature.getInstance("SHA256withRSA");
signature.initVerify(KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(PUBLIC_KEY))));
signature.update(param.getBytes());
boolean result = signature.verify(Base64.getDecoder().decode(sign));
System.out.println(result);
}
}
value of result:
true
# UAT environment order push callback interface signature verification key
Please do not disclose the public key to any third party.
The RSA private key is kept by the Swifood.
When the Swifood requests other merchant server, server will use the RSA public key provided by the Swifood to verify the signature in the request. If authentication fails, the merchant server refuses to process the request.
Swifood push order RSA public key:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkKwnkwoAGpEalUbM6TPg4ECcZBf2FYKst5gVQPrShYE6Wt4kmLsCVdHM0qoIr6TSiz0qhPwmhw898ZfzJdHPqckWka+4sUewYtxBOYC4a0Z8JYtQgTRxoK8Vvo9sXjW2pILrd0ZcB6QuHHzGC4AXjA1dB88mvsoNFi03eIhlCxFJ4fn0xA+1+359iTFymi+vTUmD6/OmphVAdTL9BYCq5NkzsoAsTmz+eF5xqkZlZ9vFhSikHN/Q/hpAW86hIs+Fq1b98ICGDRQZLrEH9E2/MB9VIzo4/U9jIf+0DPCALY8/WZJc1WXIBaDHBBVCq6xjM6JrBsF74jy01DBIP/C9wIDAQAB