银联商务天满服务平台
Java PHP Python

通知验签规则

通知验签规则

签名支持MD5方式与SHA256方式(默认SHA256方式),计算sign的输入数据为待签名字符串加上key(即:通讯密钥),key由银联商务分配。在请求参数列表中,除去sign参数外,其他需要使用到的参数均为要签名的参数;以如下通知报文为例: buyerUsername=tj.***%40gmail.com&msgType=trade.notify&payTime=2022-11-16+09%3A48%3A41&buyerCashPayAmt=1&connectSys=UNIONPAY&sign=68CFB169494DD0EA83DB11AA132A1C6EC46DED75F8E1DCAADDC0011D91B6B4FE&merName=%E4%B8%AD%E4%BF%9D%E4%BB%98%E6%B5%8B%E8%AF%95%E5%95%86%E6%88%B7%28%E4%B8%AD%E4%BF%9D%E4%BB%98%E6%B5%8B%E8%AF%95%E5%95%86%E6%88%B7%29&mid=898201612345678&invoiceAmount=1&settleDate=2022-11-16&billFunds=%E6%94%AF%E4%BB%98%E5%AE%9D%E4%BD%99%E9%A2%9D%3A1&buyerId=2088202932263863&mchntUuid=6d47dc12a4c847eaba2eb456d201d5cd&tid=88880001&instMid=H5DEFAULT&receiptAmount=1&couponAmount=0&cardAttr=BALANCE&targetOrderId=2022111622001463861446080716&signType=SHA256&billFundsDesc=%E6%94%AF%E4%BB%98%E5%AE%9D%E4%BD%99%E9%A2%9D%E6%94%AF%E4%BB%980.01%E5%85%83%E3%80%82&freeSettlementAmt=0&orderDesc=%E4%B8%AD%E4%BF%9D%E4%BB%98%E6%B5%8B%E8%AF%95%E5%95%86%E6%88%B7%28%E4%B8%AD%E4%BF%9D%E4%BB%98%E6%B5%8B%E8%AF%95%E5%95%86%E6%88%B7%29&seqId=01193401135N&merOrderId=101720221116094809280000006&targetSys=Alipay+2.0&Ue=hobh&totalAmount=1&createTime=2022-11-16+09%3A48%3A12&buyerPayAmount=1&notifyId=2bbcfd87-6e93-4fc4-b38f-1c5d853ecbb8&subInst=100200&status=TRADE_SUCCESS

对参数里的每一个值从a到z的顺序排序(ASCII字典序),若遇到相同首字母,则看第二个字母,以此类推。排序完成之后,再把所有参数以“&”字符连接起来如: Ue=hobh&billFunds=支付宝余额:1&billFundsDesc=支付宝余额支付0.01元。&buyerCashPayAmt=1&buyerId=2088202932263863&buyerPayAmount=1&buyerUsername=tj.***@gmail.com&cardAttr=BALANCE&connectSys=UNIONPAY&couponAmount=0&createTime=2022-11-16 09:48:12&freeSettlementAmt=0&instMid=H5DEFAULT&invoiceAmount=1&mchntUuid=6d47dc12a4c847eaba2eb456d201d5cd&merName=中保付测试商户(中保付测试商户)&merOrderId=101720221116094809280000006&mid=898201612345678&msgType=trade.notify&notifyId=2bbcfd87-6e93-4fc4-b38f-1c5d853ecbb8&orderDesc=中保付测试商户(中保付测试商户)&payTime=2022-11-16 09:48:41&receiptAmount=1&seqId=01193401135N&settleDate=2022-11-16&signType=SHA256&status=TRADE_SUCCESS&subInst=100200&targetOrderId=2022111622001463861446080716&targetSys=Alipay 2.0&tid=88880001&totalAmount=1

这串字符串便是待签名字符串。签名示例:假设key(即通讯秘钥)的值为: impARTxrQcfwmRijpDNCw6hPxaWCddKEpYxjaKXDhCaTCXJ6

则待签名的字符加上key为: Ue=hobh&billFunds=支付宝余额:1&billFundsDesc=支付宝余额支付0.01元。&buyerCashPayAmt=1&buyerId=2088202932263863&buyerPayAmount=1&buyerUsername=tj.***@gmail.com&cardAttr=BALANCE&connectSys=UNIONPAY&couponAmount=0&createTime=2022-11-16 09:48:12&freeSettlementAmt=0&instMid=H5DEFAULT&invoiceAmount=1&mchntUuid=6d47dc12a4c847eaba2eb456d201d5cd&merName=中保付测试商户(中保付测试商户)&merOrderId=101720221116094809280000006&mid=898201612345678&msgType=trade.notify&notifyId=2bbcfd87-6e93-4fc4-b38f-1c5d853ecbb8&orderDesc=中保付测试商户(中保付测试商户)&payTime=2022-11-16 09:48:41&receiptAmount=1&seqId=01193401135N&settleDate=2022-11-16&signType=SHA256&status=TRADE_SUCCESS&subInst=100200&targetOrderId=2022111622001463861446080716&targetSys=Alipay 2.0&tid=88880001&totalAmount=1impARTxrQcfwmRijpDNCw6hPxaWCddKEpYxjaKXDhCaTCXJ6

MD5签名: 7070E720EE550D9A60FB5B99B7201826

SHA256签名: 68CFB169494DD0EA83DB11AA132A1C6EC46DED75F8E1DCAADDC0011D91B6B4FE

根据HTTP协议要求,传递参数的值中如果存在特殊字符(如:&、@等),则该值需要做URL Encoding,这样请求接收方才能接收到正确的参数值。注意:这种情况下,待签名数据应该是原始值而不是encoding之后的值

Java PHP Python
银联商务 版权所有 沪ICP备05003469号 沪公网安备 31011502007281号 增值电信业务经营许可证:沪B2-20140009