Integrations

This guide will give a step by step instructions to sign API Request.

Preparing Keys

Client and WEN Gateway must exchange RSA keys before making API calls, and the length of RSA key must be 1024/2048/4096 bits. When making API call to WEN Gateway, client uses the RSA private key to sign the API request.

After receiving the API request, WEN Gateway will use the client’s RSA public key to verify whether the signature is matched to the content of API request. Similarly, when client receives the API response, it is highly recommended that client verifies the signature of API response by using WEN Gateway's RSA public key.

An RSA key pair contains the private key and the public key. The private key is required for generating the signature, while the public key is used for verifying the signature.

Generating an RSA key pair

Many tools can be used to generate the RSA key pair. The following steps assume that you use OpenSSL to generate the RSA key pair.

1、Install OpenSSL.

For linux system (Ubuntu), use the following command:

sudo apt-get install openssl

For installation on CentOS, please reference the following website OpenSSL on CentOS.

For windows system, download and then install OpenSSL from the official site.

2、 Generate RSA key pair.

For linux system (Ubuntu), use the following command:

$ openssl
  OpenSSL> genrsa -out rsa_private_key.pem 2048 ##generate private key
  OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem  -outform PEM - nocrypt   ##transform private key into PKCS8 format
  OpenSSL> rsa -in rsa_private_key.pem -pubout -out  rsa_public_key.pem
         ##Generate public key
  OpenSSL> exit

For windows system, use the following command:

C:\Users\UserPC>cd C:\OpenSSL-Win32\bin ##enter OpenSSL directory
  C:\OpenSSL-Win32\bin>openssl.exe ##enter OpenSSL
  OpenSSL> genrsa -out rsa_private_key.pem 2048  ##Generate private key
  OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem  -outform PEM -nocrypt ##Transform private key into PKCS8 format
  OpenSSL> rsa -in rsa_private_key.pem -pubout -out  rsa_public_key.pem ##Generate public key
  OpenSSL> exit

After that, you can see two files under current folder, rsaprivatekey.pem and rsapublickey.pem. The former is the private key and the latter is the public key.

3、Provide wen-gateway support
After the RSA2 key pair is generated, the wen-gateway help you to bind the public key with the Wen Gateway server according to your account. The purpose of it is for signature verification by completing the following steps:

Binding your public key to WEN Gateway

Generating the private key and public key

  1. Download the PuTTYgen and then open it.
  2. There is a parameters at the bottom and then select the type of key to generate into RSA.
  3. Press the gennerate button to generate the public and the private key pair.
  4. Save public key and private key.
  5. Press the load button and selected the previous saved public and private key.
  6. Go to Conversions and select the Export OpenSSH key.
  7. Save your public and private key file with a new file name which end with .pem to change it to PEM File.

The private key or public key which saved in the PEM file should be same as the below format.

{
    -----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAmzVCHkKxVlGPty+kut5p02oARfhQ4UveEDkbqbo4Xp1GiovL
ey5L6bYzvPFNQcm30ilpbsqL9o+b/Ndrl49A65RIsOwRtoCwlzZCNfi7ZptAA3+a
ZdA0reH4B4N6O02GNWGGZIn4yEiDDZHjMzuz+2zc1ib1n/DxLkEItd8QLfuZ66sD
5qrZX84rWO1+7Gyl2L8PiIz15bNfIhW6gg17cuTMzWuVJyK8J6VTxNaXc9v6espV
RHqjrPWu/BE6A2S1vkyBTvrYcUF7kLTn0xCell9wJzKuV/XBzs9Wmy+5jn9A+K23
ewiQzRyUAfxCjikZoIbQ60xPw0iAz2pTl5eyTwIBJQKCAQAIY75igCVC76bnTq71
WCFlX6z83P1z9kNa0qeMokg8dzQ+1x/BeB/HcaHuiZV5LX+O0c5ZBAeQyX4NqseL
puDqI7Dm+AD1G7aEttMlgxEMdxg3iltfcwnENbphRWCNlXzgSnX3mMFW7ymttNvZ
QX9ZstuBMonRS0tOm7tIGeUy6ut7VTxmTPmWll4L00Gf09UoR72RoVvt7ZO7VEmI
2bOiiu0jTSeyXkdN7b4EPCMqh+E+YevSEW1tC7N6jJf6iOfKH+BJ/yWV/z1AZ9Gs
zEME5ACS3ZHoQOv6y474NTmDUyYzyLSVbT7RBUgcKhP2CCuSc14pYyGdqnd3kC0u
XwX9AoGBAO/Y06jOkKJNR9LV2dI2TAIUWJYcVzYhs34r6Qliuew0mh0dHMi/MLZG
/UNeuVHyb9gN9DvgAnmw0ObXmR5IJWHenkdPItItATvph+nO2VU+6bazXx/rEcx5
SOYBOCQdE6M8ZoKNVS/7HnqI+yFleEB5GW1Oa9U44u0LFtw5/S3jAoGBAKWpLn2z
ii2wqIyoT26pUbxbN0ZmDJsSVLPslWC7mBP/QIyjO24EId6++dUXxLrumltqwo62
NcGazE/JTyAgWpPEYISm587tTlJ/rFcHdHF8+67W0IMkMue10JuqHu1z6Vr+Righ
Tla3HGNv9q/hGbMSFxWfNoylk/GgaDODvJWlAoGBAIghHi9ge5pjNppCBgGwHU1J
0Wn0aNmIv9H9PxMqMiwd2u3t7b4LpgaW/nJYW1gGI82nDhQlMdZdb6Wc9gpEn5hp
mBqiiWKIPvh9oCrBgkUjtRSq/qNpvf5uWc6mvv+9edkwHoFyz3wY58kBo0pOWQH/
ivjZe3kEnHizRFN6283vAoGAPq63pS8tXWVwNTjEHAi3JKzke4CPJetCpPG7+xaM
kfHhEp6g3YUF5ZReh/sn2AdBUwXNE2eJ9jqSfw3mlojIU5Zptabv7W6MVpEsc/T7
oJAn4Upcu//b6PivzDKIPivbwZCk7Jb7DA3vEN5BqlUsUZgkaQvPc3zr3uK/pMoQ
AUUCgYBYeN7N3pjEMCdIQNu7mwoPOuJdDLhXwURfYzkbPqezIs94wcYFy2cGhWb4
c9fwjLOcPunV8V6cUAkOpb98+k6q+SaR2Y0oT/q4hQzVdoc+tXqW5gm2WOu1KS3P
X+azdiMtcg1SEZPrwzcBIEjbPT7Oiv4josWsgNjiE4SvtTSu1Q==
-----END RSA PRIVATE KEY-----
}

Creating the Pre-sign String

Perform the following steps to sign the message:
1、Extract the content to be signed. For example:

{
      "header"{
        "sign":"",
        "signType" : "",
        "merchantCode": "MERC_0144544"


      };
     "body":{
         "outtradeid":"MERC_0144544_TX_12313213113",
         "coincode":"WCG_WCG",
         "subject":"Bag",
         "subjectdetail":"Red Color Bag.",
         "notifyurl":"http://example.com/notify-url",
         "returnurl":"http://example.com/return-url",
         "totalamount":20.3144,

     }
 }
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDr1FPc+nPVKyVvkQ/ONylATo4XVRsKnk+iNY+GQMY31Ixs06xC
3V5r/kf0WdPpBzPTLWHoqcU1hwY0LElIGPEiZsPti7vK5A0ubB1G7Ha1OvGt11vH
9nygJ05JV9koPVvbgmKZ+s8gny0eWNDr30Q9Up2+R6W/ZNijg1bISXIWhQIDAQAB
AoGAd1LPvBfdVBaosnKrlKPEc41Lx/J/5DeGA4UmQb+0i7s38jiICK0JgYr/zVtG
JbpHNqrXx2lfJ15SfUOLMLeuCclX/PTwVIuzmAtxEZCPTbNNVHyoqH2mVbb69zWq
sDpueh29espbt0l2Sui1zv4C74ubDBjb6ZU4JWDQjffQqwECQQD5mhcfCS1VZoWG
eS+pHO+LjYBpjcT1mK8O+PjCGJ5FZFapZmfy1MSd4xfKvYaOY32KF5PIf8DLLuj3
m2RH5ff9AkEA8d/cYJ0MomnbnEKX1lXlCiglsYRaSPmIPs4iMoyNY0GJE5l/O95u
PxGqaj+uScKwuY7QmqHOipR2ekUBAAOLKQJAMkvAmPpqbikIgv5sgjFYe9B5rctp
guvPar70sXfwfJ8pb105WQ9Sx1X5d1sVgB/ALlFt8Br+KHM9cpeXb32BqQJBALHV
jtl1/skXHcGI8MxFAQ5zsCsRjbQjy3mp41jZIEc+8wL3E6Y4B0TVvz85LPLMc1Uq
3NMkbpBTUbzaKT8SW+kCQQDLJvU+xBVH/ku7EPhkLWy1Oc4QmJ58kAj0KEZtKrtj
5C80YTXbZbZyFdsNFHpVcHFTWAYe8SZLJ/ymeGqrlBeQ
-----END RSA PRIVATE KEY-----

2、 Combine all array values in the format of key= "value" and then link them up by the character "&" in an alphabetical order as below. Please use camel case to sign like coinCode,returnUrl. The first word must be lowercase, the second onward word first letter must be uppercase, and so on. For example :

coinCode="WCG_WCG"&
notifyUrl="http://example.com/notify-url"&
outTradeId="M_ID001_TX_12313213113"&
returnUrl="http://example.com/return-url"&
subject="Bag"&
subjectDetail="Red Color Bag."&
totalAmount=20.3144

3、 Encoding content by using the SHA256withRSA algorithm. Then use the merchant private key to sign the value to generate the signature. To achieve a better security level, the length of the RSA key/pairs must be 1024/2048/4096 bits and Base64-encode the signature. A sample result is listed below:

"ZpRxHSZHLZ8VfbTlhmWKZWA+CHUBwS6TPeHO6YE4rY01qSNeG5guoOmJIM/LwkoY7fnY7u55j3eeoaLYrO7v2Cjg5jWLNdFmeMlKZmDE+oBy7U+TgBl7m2wg5desGXFzpzqiZuToxFPmTzuLzGpAAI+CoFzc1KV0+krC4xYdob4="

4、 Verify the signature in the https://wepayonline-util.weneco.io/.

5、Use the obtained string as the value of the Signature parameter. The following sample shows a whole API request:

{
   "header"{
        "merchantcode": "MERC_0144544",
        "sign":"ZpRxHSZHLZ8VfbTlhmWKZWA+CHUBwS6TPeHO6YE4rY01qSNeG5guoOmJIM/LwkoY7fnY7u55j3eeoaLYrO7v2Cjg5jWLNdFmeMlKZmDE+oBy7U+TgBl7m2wg5desGXFzpzqiZuToxFPmTzuLzGpAAI+CoFzc1KV0+krC4xYdob4=",
        "signtype" : "SHA256"
      };
     "body":{
         "outtradeid":"MERC_0144544_TX_12313213113",
         "coincode":"WCG_WCG",
         "subject":"Bag",
         "subjectdetail":"Red Color Bag.",
         "notifyurl":"http://example.com/notify-url",
         "returnurl":"http://example.com/return-url",
         "totalamount":20.3144
     }
 }

Verifying the signature

After receiving a response, perform the following steps to verify the signature:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqnYVj6qcyYIRUkUtS9SckUtm4
9LTnXWjFFpfXXnuwnKTnXCev42eEt2WVPDlgXrer9OvSbEu5J0MUsLOhnwAlgLqc
57DHjrQGM31/bvtignIGNoLPVrNdbVQvX0HkEtmIHOyUujHo7OIxdJ5NtLA69/mG
4YiVZ7m4WMn7JeZYIwIDAQAB
-----END PUBLIC KEY-----

Use the WEN Gateway public key to verify the signature from response.
{
    "status": "success",
    "data": {
        "token": "06e56125-58d9-4634-8e93-57d139437f18",
        "outtradeid": "MERC_0144544_TX_12313213113",
        "coincode": "WCG_WCG",
        "totalamount": 20.3144,
        "tradestatus": "TRADE_CREATED",
        "sign": "oUTNYTkA369FtvERmo3Ct/YtJYv5qM8Q1bDP8acnEoaySisCbgwFoknDHJ1Y7DkUOd7UKR93c7Vf0xnj94Yh1r40nenfHwtuHHBXWOU+wAhS7fuWJ8eWsiPVPHTIgzBTXj+/c0sgYTAXg014G4oX+hAdaceSngmrnzd+Xn7fbVc="
    }
}
Last Updated: 5/29/2020, 8:08:20 AM