API Doc

# EDC Overview

# Digital Signature Validation

  • Apply Token B2B Signature
  1. Compose the string to sign:
    <X-CLIENT-KEY> + "|" + <X-TIMESTAMP>
  2. Generate RSA-2048 public and private keys, and use the private key to sign, and fill the public key into the merchant background.
  3. Take the signature from HTTP header "X-SIGNATURE".
  4. Compare the value between X-SIGNATURE and the generated signature, if those value are the same, then consume the message.
  • Transaction Signature
  1. Compose the string to sign:
    <HTTP METHOD> + ":" + <RELATIVE PATH URL> + ":" + <B2B ACCESS TOKEN> + ":" + LowerCase(HexEncode(SHA-256(Minify(<HTTP BODY>)))) + ":" + <X-TIMESTAMP>
    Note: <HTTP BODY> must be sorted in ASCII order and converted to a json string.
  2. Generate RSA-2048 public and private keys, and use the private key to sign, and fill the public key into the merchant background.
  3. Take the signature from HTTP header "X-SIGNATURE".
  4. Compare the value between X-SIGNATURE and the generated signature, if those value are the same, then consume the message.

Data Model - EDC