Signature

To ensure secure API calls, the SanSan Fintech platform authenticates each request and response through signatures.

Merchants need to use the signature algorithm SHA256withRSA to sign the request string and the response string. The signature result is Base64 encoded and corresponds to the sign field of the request and response.

The merchant will receive the 2048-bit RSA platform public key (Base64 encoding format) allocated by the platform in advance. At the same time, the platform requires the merchant to provide the 2048-bit RSA merchant public key (Base64 encoding format) in advance.

The entire request and response process involves two pairs of RSA keys: the platform public key and platform private key belonging to the platform, and the merchant public key and merchant private key belonging to the access party. The public key is used to verify the signature, and the private key is used to generate the signature.

Request string to be signed

Serialize the bizContent field of the request into JSON.

{
  "order_sn": "ABC12345678",
  "currency": "USD",
  "amount": "999.22",
  "payerID": 157774,
  "purposeOfTransaction": "ACCOUNTING_SERVICE",
  "description": "Goods Payment",
  "skip3ds": "True"
}

Merchant: The signature of the request string should first be generated using the merchant's private key, and then Base64 encoded. The result is used as the value of the sign field in the request.

SanSan Fintech: The value of the sign field in the request will be Base64 decoded, and then the merchant's public key is used to verify the signature.

Response string to be signed

SanSan Fintech: The platform private key is used to generate a signature for the response string to be signed, and then Base64 encoding is performed. The result is used as the value of the sign field in the response.

Merchant: The value of the sign field in the response needs to be Base64 decoded first, and then the platform public key is used to verify the signature.
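
The request-side sign and verify steps above, which the response check mirrors with the platform key pair, shown as an added Node.js example (not SanSan Fintech's own tool sample). It assumes the Base64 key format is DER-encoded SubjectPublicKeyInfo and that the signed string is the exact serialized bizContent text; the key pair is generated on the spot and the function names are illustrative.

```javascript
// Added example; function names and the key-format choice are assumptions.
const crypto = require('node:crypto');

// Constructed 2048-bit RSA pair standing in for the merchant's keys.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// Assumption: "Base64 encoding format" = Base64 of the DER-encoded
// SubjectPublicKeyInfo structure. This is the value handed to the other party.
const merchantPublicKeyB64 = publicKey
  .export({ type: 'spki', format: 'der' })
  .toString('base64');

// SHA256withRSA: SHA-256 digest signed with RSASSA-PKCS1-v1_5 (Node's default
// padding for RSA keys). Returns the Base64 value for the sign field.
function signBizContent(bizContentJson, privKey) {
  const data = Buffer.from(bizContentJson, 'utf8');
  return crypto.sign('sha256', data, privKey).toString('base64');
}

// Receiver side: Base64-decode sign, then verify with the sender's public key.
function verifyBizContent(bizContentJson, signB64, publicKeyB64) {
  const key = crypto.createPublicKey({
    key: Buffer.from(publicKeyB64, 'base64'),
    format: 'der',
    type: 'spki',
  });
  const data = Buffer.from(bizContentJson, 'utf8');
  return crypto.verify('sha256', data, key, Buffer.from(signB64, 'base64'));
}

// The page's sample bizContent, serialized once; this exact string is signed.
const bizContent = JSON.stringify({
  order_sn: 'ABC12345678', currency: 'USD', amount: '999.22', payerID: 157774,
  purposeOfTransaction: 'ACCOUNTING_SERVICE', description: 'Goods Payment',
  skip3ds: 'True',
});
const sign = signBizContent(bizContent, privateKey);

// Same fields, different bytes: a changed amount, and a pretty-printed copy.
const tampered = bizContent.replace('999.22', '1.00');
const reserialized = JSON.stringify(JSON.parse(bizContent), null, 2);

console.log(verifyBizContent(bizContent, sign, merchantPublicKeyB64));   // true
console.log(verifyBizContent(tampered, sign, merchantPublicKeyB64));     // false
console.log(verifyBizContent(reserialized, sign, merchantPublicKeyB64)); // false
```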

Tool Samples
