Note: In the service provider mode, the following information of the service provider is used
1. Certificate
1.1 Merchant API certificate (both v2 and v3 interfaces need to be used)
1.1.1 Obtaining method:
What is a Merchant API Certificate? How to obtain merchant API certificate? (merchant api certificate
), which introduces the detailed steps on how to obtain the merchant certificate
1.1.2 Function:
v3 interface:
Use the private key of the merchant api certificate to generate a signature (signature official document: signature generation-interface rules | WeChat payment merchant platform document center ), a total of three certificate files, a description file (recommended to read), and the private key of the merchant api certificate It is the apiclient_key.pem file (code loading, refer to the official document: https://pay.weixin.qq.com/wiki/doc/apiv3/wechatpay/wechatpay7_1.shtml), the remaining two certificate files are currently my personal It is not found that the v3 interface needs to be used, and the technical support also replied in the same way.
v2 interface:
There will be a special reminder in the document for the interface that needs to use the certificate for the v2 interface:
For p12 certificates used in general development languages, refer to the link for details: https://pay.weixin.qq.com/wiki/doc/api/jsapi_sl.php?chapter=4_3
Note:
1. PHP usage reference document
2. For .NET environment development, please confirm that the Framework version is greater than 2.0, and the certificate apiclient_cert.p12 must be installed by double-clicking on the operating system before it can be called normally.
3.apiclient_cert.p12 is the merchant certificate file, which is used for development except PHP. The official sdk contains sample code, shown here is the java language
1.1.3 How to check whether the certificate is used correctly (common checking method for v2 and v3 interfaces):
Go to the certificate analysis website to analyze ( certificate view ) the apiclient_cert.pem file, check its certificate serial number, and compare it with the certificate serial number of the merchant platform. (These three files are usually put together when downloading the certificate, and judge whether the one used is correct according to the apiclient_cert.pem file
1.1.4 Viewing method and function of merchant api certificate serial number (v3 interface)
View: Log in to the WeChat merchant management background with an administrator account, and click View Certificate in API Security to obtain it.
Role: Build a signature for declaring the certificate used
1.2 WeChat payment platform certificate (used by v3 interface)
1.2.1 Obtaining method
1: Interface acquisition (official document: platform certificate - document center - WeChat payment merchant platform , code (java): https://github.com/wechatpay-apiv3/wechatpay-apache-httpclient
2: Official tools: ( SDK, Tools | WeChat Payment Merchant Platform Documentation Center )
3: postman ( https://github.com/wechatpay-apiv3/wechatpay-postman-script ): After configuration, it can be downloaded directly, and then decrypted (reference for decryption: certificate and callback message decryption - interface rules | WeChat Pay Merchant Platform Documentation center
It can be used (recommended to use during testing, by the way, check whether the parameters of the signature are correct)
1.2.2 Function:
1. Signature verification of user callback information (signature verification document: signature verification-interface rules | WeChat payment merchant platform document center ), there are many methods of signature verification, which are not provided here, [important]:
This order cannot be changed. If the order is changed, the signature verification will fail. Do not modify the order returned by the interface. Some methods may modify the order (pro-test plus consultation).
2. Sensitive information encryption and decryption ([ Sensitive Information Encryption and Decryption-Interface Rules | WeChat Payment Service Provider Platform Documentation Center ])
1.2.3 Check whether the WeChat payment platform certificate is used correctly:
1: Check whether the serial number of the WeChat payment platform certificate returned by the callback information is consistent with the serial number of the merchant’s existing WeChat payment platform certificate. If not, please download again
. If the serial numbers of the payment platform certificates are inconsistent, it should be that the merchant number of the downloaded WeChat payment platform certificate is not the merchant of the current callback order
1.2.4 How to obtain the serial number of the WeChat payment platform certificate and its function
Acquisition: Consistent with the acquisition method of the WeChat payment platform certificate (corresponding field: serial_no)
Function: 1. The callback parameter is returned to the merchant to verify the security of the return (it can also be used to distinguish which merchant’s callback is, because each The serial number of the merchant’s WeChat payment platform certificate is inconsistent)
2. When the user’s sensitive information is encrypted, it is used as an encrypted identifier
Note: The serial number of the certificate returned by the callback and when requesting the interface is the serial number of the WeChat payment platform certificate, not the serial number of the merchant API certificate. The two are different.
2. apiv3 key (used by v3 interface)
2.1 How to set:
What is an APIv3 key? How to set it up? (The document explains how to set it up, and the screenshot of the merchant platform is not provided here)
2.2 Function:
Under the v3 interface, the merchant decrypts the payment callback (consulting technical support said that the logic is that the callback notification sent to us is encrypted using the apiv3 key set by our merchant platform, so it is also used for decryption. There are three possibilities for decryption failure: 1. The apiv3 key is wrong, which is different from the one set at that time. 2. The apiv3 key used is not the apiv3 key set under the corresponding merchant account of the current order) (official decryption: certificate and callback message decryption - interface rules | WeChat payment Merchant platform document center , pro-test error AEADBadTagException: Tag mismatch! The inspection is caused by apiv3 key error
) 3. The decrypted parameters are incomplete, please check the integrity of the callback parameters
3.apiv2 key (used by v2 interface)
3.1 How to set:
What is an APIv2 key? How to set or modify? (The document explains how to set it up, and the screenshot of the merchant platform is not provided here)
3.2 Function:
When the merchant calls the v2 interface, use the api key to sign, or verify and decrypt the callback information returned by the v2 interface (some callbacks need to be decrypted, such as refund callbacks)