Request Method#
All Easylink requests are made using the POST method.| Field | Type | Required | Description |
|---|
| Content-type | string | Yes | application/json |
| Authorization | string | Yes | The AccessToken obtained through App ID and App Secret, in the format Bearer + space + AccessToken |
| X-EasyLink-AppKey | string | Yes | The App Key provided by Easylink |
| X-EasyLink-Nonce | string | Yes | Unique request ID |
| X-EasyLink-Timestamp | int | Yes | Millisecond-level timestamp of the current time (valid within 5 minutes) |
| X-EasyLink-Sign | string | Yes | The generated signature string |
Common Response Structure#
{
"code": 0,
"message": "",
"data": {}
}
| Parameter | Type | Description |
|---|
| code | int | Response code, 0 indicates success |
| message | strting | Response message |
| data | object | Response data |
Note that only when code is 0 does it indicate a successful request. Any other value indicates a failure.
Key pair usage#
Principle: Whoever requests signs, and whoever responds verifies the signature.
Merchants generate a pair of keys for requesting Easylink.
Easylink generates a pair of keys for callback to merchants.Signature Mechanism#
To ensure the security of transactions and API calls, Easylink performs signature verification on all interface requests. You need to sign all requests to confirm your identity.Before integration, Easylink will provide sandbox environment materials for merchants. For details on how to obtain these, refer to Environmental Information. The App Key is used for signing, while the App ID and App Secret are used to obtain Easylink's AccessToken.When requesting Easylink's API interface, merchants should pass the AccessToken through the Authorization header field in the format: Bearer + space + AccessToken.
When requesting Easylink's API interface, merchants should pass the App Key through the X-EasyLink-AppKey header field.
1.
Merchants should follow these steps to generate a request signature: Obtain the set of parameters to be signed: common parameters (from Header) + business parameters (from Body). Common parameters include X-EasyLink-AppKey, X-EasyLink-Nonce, and X-EasyLink-Timestamp. Business parameters depend on the specific interface, such as order number, amount, currency, etc.
2.
Sort all request parameters: sort the parameters by the ASCII value of the first character (alphabetical order). If the first character is the same, sort by the ASCII value of the second character, and so on.
3.
Concatenate: combine the sorted parameters and their corresponding values into the format parameter=parameter value, and connect these parameters with the & character. The resulting string is called the original string. Then, append the App Key to both the beginning and end of this string to generate the string to be signed.
4.
Calculate the signature using the SHA-256 algorithm and RSA private key, and then Base64-encode the resulting signature to generate the signature to be transmitted in the Header.
5.
Pass the signature through the X-EasyLink-Sign header.
Signature Code Example#
Signature Verification Code Example#
The signature verification requires the public key provided by Easylink for you. If it is not provided, please contact us
(Different from signing, EasyLink's callback to merchants does not include X-EasyLink-Nonce in the Header, so it is also not included in the signature.)
