Security check at the checkout counter:
reqParam1=val1
reqParam2=val2
reqParam3=val3
sign=MD5Encode(req1, req2, req3...)+salt (salt is configured by operation and maintenance, and is configured with the same value on the payment side and the side that calls the payment)
When the payment is processed, check whether the input parameter has been modified according to the signature. If it is modified, an error will be reported.
Those with bad intentions do not know the signature generation rules (the ghost can know it), after modifying the parameters, because the correct signature cannot be configured, a verification error will be reported, and the request cannot be forged.