IOTPay DocumentationIOTPay Documentation
  • Introduction
  • Signing
  • General Order API
  • Customer Scan QR Code
  • Merchant Scan Barcode
  • Payment in WeChat Web Browser
  • WeChat Mini Program
  • Online Secure Payment
  • App integrate IOTPay
  • Order Query
  • Asynchronous Notify
  • Get Client IP
  • Refund interface
  • Query Refund
  • POS Semi-Integration
  • Wordpress WooCommerce plugin
  • V3

    • Introduction
    • Redirected Integration
    • Redirected Integration With 3DS and AVS
    • Embedded Integration
    • Direct Method
    • Query Card
    • Purchase With Token
    • Purchase with Wallet
    • Void Transaction
    • Refund Transaction
    • Query Transaction
    • UnionPay ExpressPay API
  • V2

    • Credit Card API V2(Deprecated)
  • Introduction
  • Contract Signing
  • Payment
  • Query Order API
  • Callback
  • English
  • 简体中文
  • Introduction
  • Signing
  • General Order API
  • Customer Scan QR Code
  • Merchant Scan Barcode
  • Payment in WeChat Web Browser
  • WeChat Mini Program
  • Online Secure Payment
  • App integrate IOTPay
  • Order Query
  • Asynchronous Notify
  • Get Client IP
  • Refund interface
  • Query Refund
  • POS Semi-Integration
  • Wordpress WooCommerce plugin
  • V3

    • Introduction
    • Redirected Integration
    • Redirected Integration With 3DS and AVS
    • Embedded Integration
    • Direct Method
    • Query Card
    • Purchase With Token
    • Purchase with Wallet
    • Void Transaction
    • Refund Transaction
    • Query Transaction
    • UnionPay ExpressPay API
  • V2

    • Credit Card API V2(Deprecated)
  • Introduction
  • Contract Signing
  • Payment
  • Query Order API
  • Callback
  • English
  • 简体中文
  • General Order

    • Introduction
    • Signing
    • General Order API
    • Customer Scan QR Code
    • Merchant Scan Barcode
    • Payment in WeChat Web Browser
    • WeChat Mini Program
    • Online Secure Payment
    • App integrate IOTPay
    • Order Query
    • Asynchronous Notify
    • Get Client IP
    • Refund interface
    • Query Refund
    • POS Semi-Integration
    • Wordpress WooCommerce plugin
  • CreditCard

    • V3

      • Introduction
      • Redirected Integration
      • Redirected Integration With 3DS and AVS
      • Embedded Integration
      • Direct Method
      • Query Card
      • Purchase With Token
      • Purchase with Wallet
      • Void Transaction
      • Refund Transaction
      • Query Transaction
      • UnionPay ExpressPay API
    • Credit Card API V2(Deprecated)
  • Autodebit

    • Introduction
    • Contract Signing
    • Payment
    • Query Order API
    • Callback

Signing

For security purposes, we require ALL IOTPay API requests to be signed.

This sign should be included as part of each API request.

Signature algorithm

Example: var ex_body= { "c":"cat", "a":"apple", "b":"boat", "d":""};

Step 1:

Remove all keys with empty values in copied body object

ex_body= { "c":"cat", "a":"apple", "b":"boat"};

Step 2:

Sort resulting body by key in ascending lexicographic order

ex_body= {"a":"apple" "b":"boat", "c":"cat"};

Step 3:

Concatenate resulting body into new string in URL parameter format "key1=value1&key2=value2"

mystr="a=apple&b=boat&c=cat"

Step 4:

Append your merchant key (assigned to you by IOTPay during onboarding) "&key={your_merchant_key}" to the end of mystr

mystr+="&key={your_merchant_key}"

Step 5:

MD5 hash mystr, then convert hash result into all UPPERCASE. This is your sign

sign = toUpper(md5(mystr));

Step 6:

Attach sign value to original request body

ex_body.sign = sign; // you can now send the signed request

// ex_body before sending request
{"a":"apple", "b":"boat", "c":"cat", "sign": "DAC619FA1BC9526EBDA688A9DC842B7A"};

Recommended: Use Sign Validator to confirm your sign result is correct

Step 7 (Conditional):

You may need to perform an addition step if you meet ALL of the following conditions:

  • You have completed steps 1-6 and are still getting sign validation error

  • subject is present in request and is non-empty

  • subject contains non UTF8 encoded characters

    If all of the following apply, you should url encode the contents of subject and overwrite the original value; as below:

    ex_body.subject = url_encode(ex_body.subject);

Step 8 (Conditional):

Repeat step 7 for body field

Step 9:

Info

Skip this step if and only if the endpoint is for creditCard

After verifying that the sign value, json_encode the json object and concatenate with param =

params={"a":"apple", "b":"boat", "c":"cat", "sign": "DAC619FA1BC9526EBDA688A9DC842B7A"}

Send the request with the header Content-Type: application/x-www-form-urlencoded

Demo Codes


Online signature checker

sign validator

Last Updated: 5/29/24, 12:30 PM
Prev
Introduction
Next
General Order API