Official documentation address: https://developers.weixin.qq.com/community/business/doc/000804439ac77080c8672c77451c0d?client=tim&ADUIN=1533578847&ADSESSION=1542695270&ADTAG=CLIENT.QQ.5591_.0&ADPUBNO=26867
I. Capability background
Since the release of the national "Internet Plus" strategy, industries have been stepping up reform. Many government and public services, such as social security queries, provident fund queries and withdrawals, registration at medical institutions, and utility fee payment, require users to provide real-name information. In addition, industries such as mobile phone SIM card registration, passenger train ticketing, and hotel check-in are also implementing real-name systems.
Based on this, to give users a better experience and let Internet Plus services run more smoothly across industries, WeChat Pay, building on its real-name user base, provides the WeChat Pay real-name information authorization interface. With the user's authorization, the service provider's mini program can obtain the name and ID card information the user verified with WeChat Pay.
II. Required reading before access
Name: getRealnameAuthInfo
Function: With the user's authorization, obtains the name and ID card information the user verified with WeChat Pay (authorization for identity documents other than the ID card is not provided for now).
Authentication: Because retrieving real-name information must be initiated by the user, this capability cannot be invoked through an API function call; it must be triggered by a click on a <button> component. The user must also enter their WeChat Pay password for verification before the authorization counts.
Compatible WeChat versions: iOS 6.5.22 and Android 6.5.22 and above
Call prerequisites: (1) the mini program appid has received the closed-beta invitation after submitting its qualifications and passing platform review; (2) the mini program has a WeChat Pay merchant account opened; (3) a certificate has been requested from WeChat Pay staff
Open range: currently in the invitation-only closed-beta phase, opened by whitelist. You must first meet the conditions below and apply for permission according to the Section III guidelines, and only then develop against the interface documentation; otherwise the application is invalid.
Open description:
For the service provider's mini program, the mini program's entity and category must fall within the category range defined below. The business must also be one for which national regulations or policies require "real-name" operations.
During the closed beta, the categories for which the WeChat Pay real-name information authorization interface is open are:
- Government: Government agencies or institutions
- Finance: Banking, insurance
- Medical: Public medical institutions
- Telecom operators
- Education: Public education institutions
- Transportation: Airlines, passenger transport, ride-hailing, transportation cards, shared transportation, rail transportation, car rental
- Tourism: Hotels
- Logistics: Courier, postal services, logistics
III. Interface application
Mini programs that meet the open categories described in Section II can apply for the WeChat Pay real-name authorization interface. Apply as follows:
Note: the application is considered successful only after both of the following steps are completed.
Step one: apply by e-mail to have the interface capability entry opened in the mini program admin console:
Send the application e-mail to the Tencent staff mailbox [email protected]. Tencent staff will reply by e-mail on whether the information is accurate and whether the entry has been opened in the mini program admin console.
To check whether the entry has been opened: log in to the mini program at mp.weixin.qq.com and look under Settings -> Interface settings for a "real-name authorization" capability card.
The information to include in the application e-mail is as follows:
WeChat Pay real-name information authorization interface closed-beta application form

| No. | Overview | Specific information content |
|---|---|---|
| 1 | Business party name | (Name of the service provider entity) |
| 2 | Usage scenarios and purpose of the interface | (The user scenarios and service content in which this interface is used) |
| 3 | Name and appid of the mini program using the interface | (The production mini program) |
| 4 | Merchant number | (Make sure the mini program is already bound to the merchant number) |
| 5 | Estimated average daily call volume | (Number of calls, estimated number of users) |
| 6 | Estimated maximum concurrent calls | (Concurrent calls per minute) |
| 7 | Estimated daily average concurrent calls | (Average concurrent calls per minute) |
| 8 | Business party product contact: name, phone, e-mail | (Please provide complete information) |
| 9 | Business party development contact: name, phone, e-mail | (Please provide complete information) |
| 10 | Tencent contact: name, e-mail | (If any, please fill in. Provide complete information: full name and e-mail) |
Step two: apply for permission through the online entry:
After receiving the e-mail reply that the online entry has been opened, log in to the mini program admin console (log in to mp.weixin.qq.com with the mini program account, then Settings - Interface capabilities) and complete the interface permission application. This includes:
Configuring the usage category and completing the related application information, then waiting for online approval.
After both steps are completed and the online review has passed, develop and call the interface according to the documentation below.
IV. Interface documentation
4.1 Usage and parameters
Use:
Set the open-type attribute of the <button> component to getRealnameAuthInfo. When the user clicks and agrees, the auth_token returned by the WeChat server is delivered through the bindgetRealnameAuthInfo event callback; then call the API with the auth_token to obtain the user's encrypted real-name information.
Example:
<button open-type="getRealnameAuthInfo" bindgetrealnameauthinfo="authinfo" category-id="{{[99, 904]}}">实名授权</button>
Call parameters:

| Parameter | Type | Explanation |
|---|---|---|
| open-type | String | getRealnameAuthInfo; specifies that the real-name authorization interface is invoked |
| bindgetRealnameAuthInfo | String | Callback function for the interface |
| category-id | Array | Mini program category: fill in the first-level category and then the second-level category, in that order |
4.2 Getting the mini program categories
This section describes how to get the categories that can be selected for the authorized mini program account.
(1) Request method: GET (use the HTTPS protocol)
https://api.weixin.qq.com/wxa/get_category?access_token=TOKEN
(2) Parameter description
access_token
(3) Return description (example of a normal JSON response):
{
  "errcode": 0,
  "errmsg": "OK",
  "category_list": [
    {
      "first_class": "Tools",
      "second_class": "Memorandum",
      "first_id": 1,
      "second_id": 2
    },
    {
      "first_class": "education",
      "second_class": "academic education",
      "third_class": "Higher",
      "first_id": 3,
      "second_id": 4,
      "third_id": 5
    }
  ]
}
(4) Return parameters:

| Parameter | Description |
|---|---|
| category_list | List of categories that can be selected |
| first_class | First-level category name |
| second_class | Second-level category name |
| third_class | Third-level category name |
| first_id | First-level category ID |
| second_id | Second-level category ID |
| third_id | Third-level category ID |

(5) Error code description:

| Return code | Description |
|---|---|
| -1 | System is busy |
4.3 Real-name information
1 Description
Exchanges the auth_token returned by the mini program for the user's encrypted real-name information.
2 Use
HTTPS POST request; the data format is JSON.
3 Request URL
https://api.weixin.qq.com/cgi-bin/wxopen/getrealnameinfo?access_token={access_token}
Note: for access_token, see the Official Account developer documentation. The appid used for the API call must be the same as the mini program's appid.
4 Request parameters
| Parameter | Type | Explanation |
|---|---|---|
| auth_token | String | Authorization credential returned by the mini program |
| mch_id | String | WeChat Pay merchant number |
| cert_serialno | String | Certificate serial number (must be uppercase; see Section V) |
| timestamp | uint32 | Unix timestamp in seconds; must be the current time |
| sign | String | Request signature; see the data encryption documentation below |
5 Return parameters

| Parameter | Type | Explanation |
|---|---|---|
| encryted_real_name | String | Encrypted name; the decrypted data is GBK-encoded |
| encryted_credential_id | String | Encrypted ID number |
Example:
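#!/bin/bash
# Placeholder values; substitute the real access_token and request fields.
TOKEN='xxxxxxxxxxxx'
URL='https://api.weixin.qq.com/cgi-bin/wxopen/getrealnameinfo'
JSON='{ "auth_token": "xxx", "mch_id": "xxx", "cert_serialno": "xxx", "timestamp": 1234444, "sign": "xxx" }'
# Quote the body so the shell does not split the JSON on its spaces.
curl "${URL}?access_token=${TOKEN}" -d "${JSON}"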
6 Return codes
Return code description:

| Return code | Meaning |
|---|---|
| 94001 | Missing cert_serialno parameter |
| 94002 | The user has not registered for WeChat Pay |
| 94003 | Signature is incorrect |
| 94004 | The user has no real-name information |
| 94005 | Invalid user token |
| 94006 | appid is not authorized to obtain real-name information |
| 94007 | appid has no binding relationship with mchid |
| 94008 | Invalid timestamp parameter |
| 94009 | Invalid cert_serialno parameter; its length is 40 |
| 94010 | Invalid merchant number |
4.4 Data encryption documentation
1 Description
Because real-name information is sensitive data, it cannot be transmitted in plaintext. The developer must sign the request with the private key (SHA256, Base64-encoded).
WeChat Pay encrypts the user's name and ID card information with the developer's public key, and the developer decrypts it to plaintext with the private key. The encryption padding algorithm is RSA_PKCS1_PADDING.
For obtaining the merchant number, the WeChat Pay certificate private key and the certificate serial number, see the guidance in Part V.
2 Original signature string
cert_serialno={cert_serialno}&timestamp={timestamp}
Signature example
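#!/bin/bash
cert_serialno='1234567890'
timestamp=$(date +%s)
private_key_file="1900006511_rsa_private_key.pem"
# Original signature string: cert_serialno=...&timestamp=...
ori_content="cert_serialno=${cert_serialno}&timestamp=${timestamp}"
echo "$ori_content"
# RSA-SHA256 signature with the private key, Base64-encoded on a single line
sign=$(printf '%s' "$ori_content" | openssl dgst -sha256 -binary -sign "$private_key_file" | base64 -w 0)
echo "sign: $sign"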
Decryption example
#!/bin/sh
encryted_real_name="BtqSM3KOyt+mDhJhyLCS9vsEoo3gTBupZHwS3i8daCyrUGxlEv+k7cE6U+9eiTo2DPNMouZnPSqv5vRERvwvm//JwkKdrV/xvSB4Ak7mJB+/t4Y4lV6gfeyggzN4xtdWoJfkgm0wa4V7oZGrpnexdwYuwyJYTMoz+87qJRwUfWAgF7U7trJ+b5DvCk9Y6KwT0N4j6PtDAk23k0zg06rTANzU3Mq1IWF7LVBcvSvR9nkNAPzcv06LQ70kxqQqVj5z+H+ERuILwBjuIQozCh6pO37Q3slz8UNnl7r48vw7uZe6be1fSDyf0hYE43n2DMpljnATQOMeJxp7nBrsvwDdPQ=="
private_key_file="1900006511_rsa_private_key.pem"
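# Base64-decode, RSA-decrypt with PKCS#1 v1.5 padding (RSA_PKCS1_PADDING), then convert GBK to UTF-8
printf '%s' "$encryted_real_name" | base64 -d | openssl rsautl -decrypt -pkcs -inkey "$private_key_file" | iconv -f gbk -t utf-8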
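The signing step of section 4.4 as a self-checking script, added here as an example and not part of the original documentation: it builds the signature string, signs it, and verifies the result against the public key before the request body is assembled. The function names, the throwaway key, the 40-character serial and the token and merchant values are constructed, and check_serial is an assumed reading of the uppercase and length-40 requirements.

```shell
#!/bin/bash
# Added example; key, serial and token values are constructed for the demo.

# sign_string SERIAL TIMESTAMP -> the original signature string from section 4.4
sign_string() { printf 'cert_serialno=%s&timestamp=%s' "$1" "$2"; }

# check_serial SERIAL -> 0 if 40 characters with no lowercase letters
# (assumed reading of "uppercase" and "length is 40", return code 94009)
check_serial() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[[:lower:]]*) return 1 ;; esac
}

# make_sign KEYFILE SERIAL TIMESTAMP -> Base64 of the RSA-SHA256 signature
make_sign() {
  check_serial "$2" || { echo "bad cert_serialno" >&2; return 1; }
  sign_string "$2" "$3" | openssl dgst -sha256 -sign "$1" | openssl base64 -A
}

# verify_sign PUBFILE SERIAL TIMESTAMP SIGN -> 0 only if SIGN covers these values
verify_sign() {
  local sig rc=1
  sig=$(mktemp)
  printf '%s' "$4" | openssl base64 -d -A > "$sig"
  sign_string "$2" "$3" |
    openssl dgst -sha256 -verify "$1" -signature "$sig" >/dev/null 2>&1 && rc=0
  rm -f "$sig"
  return $rc
}

# request_json AUTH_TOKEN MCH_ID SERIAL TIMESTAMP SIGN -> JSON body for the POST
request_json() {
  printf '{"auth_token":"%s","mch_id":"%s","cert_serialno":"%s","timestamp":%s,"sign":"%s"}\n' "$@"
}

demo() {
  local dir serial ts sign
  dir=$(mktemp -d)
  # Throwaway key pair; umask keeps the private key readable by the owner only.
  (umask 077; openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null)
  openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
  serial=0123456789ABCDEF0123456789ABCDEF01234567
  ts=$(date +%s)
  sign=$(make_sign "$dir/key.pem" "$serial" "$ts") || return 1
  verify_sign "$dir/pub.pem" "$serial" "$ts" "$sign" && echo "signature verifies"
  request_json "constructed-token" "1900000000" "$serial" "$ts" "$sign"
  rm -rf "$dir"
}
demo
```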
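4.5 WeChat Pay merchant application guide
Sensitive data must be encrypted with an API certificate issued by an authoritative CA. If you already have an API certificate issued by an authoritative CA, you can use it directly. If not, proceed as follows:
1 Certificate application or upgrade
Log in to the merchant platform to apply for, or upgrade to, a certificate issued by an authoritative CA.
(Application guide: http://kf.qq.com/faq/161222NneAJf161222U7fARv.html
Upgrade guide: http://kf.qq.com/faq/180824BrQnQB180824m6v2yA.html)
2 View the certificate serial number
Log in to the WeChat Pay merchant platform at pay.weixin.qq.com, go to [Account Center] -> [Account Settings] -> [API Security], and click the "View certificate" text button.
Click View certificate to see the certificate serial number.
V. Case study
Case: the 粤省事 mini program, real-name information login.
The 粤省事 mini program is Guangdong Province's one-stop government services mini program. To give users a convenient experience, it uses the WeChat Pay real-name authorization feature, both to verify the user's identity and to obtain the user's information conveniently, so that it can provide personalized government services.
Screenshots of the result are shown below: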