Ayolinx-Openapi

Signature generation rules

Signature mechanism

To ensure transaction security and the security of API invocations, Ayolinx verifies the signature on every interface request. You need to sign all requests so that Ayolinx can confirm your identity.
The signature generation rules fall into three parts: the signature generated when obtaining the AccessToken, the signature generated when calling an interface, and the signature on the callback to the merchant. The three differ from one another.

Asynchronous callback signature verification

When Ayolinx sends you an asynchronous callback notification, it signs the callback request according to the above mechanism. After you receive the notification, you need to verify the signature of the callback request to confirm that it really comes from Ayolinx.

Signature generation for obtaining AccessToken

1. Explanation of code logic

requestTimestamp is the X-TIMESTAMP header value sent with the request. The format is yyyy-MM-ddTHH:mm:ssXXX, for example: 2024-09-18T06:36:36+00:00. In the UTC+7 time zone it would be 2024-09-18T06:36:36+07:00.
$private_key is the private key of the key pair generated by the merchant.

2. Demo presentation

Signing with the demo private_key produces the following signature result:
jBOr9d5CRTbzunJyFKktb0+/oJi9H6nO6+o89iI28ZOP80kxh6YFaDryw+KsCALB+ylBp6ZbHAB3XwXa08ZqnVr7Tgv7vplbBii3pG3QXGNN41Qi1s4/fpYGKkpprUenIYPy59482/GoEbXEnutrPUtTKIXf7z4zkcFwngurByo1iHxEKIFxKFKJq5XR70FfTsXZQPDTC9VsKCqJ+PYaCVHtv9fAe2Bo1kaDzWGzESzpbFBpr8k0H6Fngboje9GgtWRFlcdYRM5NLYNuFJ7rXN1f792aX1s9nS8eDmXAJlJeMR/j509mBiIJeF3OkAgD5yuqZvtYJdYLYYoe8SU8jQ==

Signature generation for invoking interfaces

1. Explanation of code logic

$body is all the parameters passed in the request body, in JSON format.
$method is the request method.
$url is the interface name (the request path, as in the $data example below).
$token is the Authorization token, without the Bearer prefix.
$requestTimestamp is the X-TIMESTAMP header value sent with the request. The format is yyyy-MM-ddTHH:mm:ssXXX, for example: 2024-09-18T06:36:36+00:00. In the UTC+7 time zone it would be 2024-09-18T06:36:36+07:00.
$data example: POST:/direct-debit/core/v1/debit/payment-host-to-host:7bd8be52a84cc95155756773cf34eade:e6fadcabcf365f76b7ad5e54f8a29015e7392905fa5822ae284fadccf3ef4d12:2025-01-16T17:30:56+07:00
$client_secret is the client_secret parameter generated by the Ayolinx platform after the merchant creates an account.

2. Demo presentation

The signature result obtained using the above data:
jmI+wVObzka8DvwIH1CCUo5AvARo4IZf4S8SSLOhNpKipRtwyQCOM6Kkr6k6wDAVgSZ+MbaxjGLQjqrK0o4ojw==
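
The X-TIMESTAMP format and the $data string described above, as an added Go example (not Ayolinx's demo code). The field order follows the page's $data example; the SHA-256 body digest, HMAC-SHA512 and Base64 steps are assumptions, chosen because they match the 64-hex-character field and the 88-character result shown on the page. The request body and client secret are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// TimestampLayout is the Go form of yyyy-MM-ddTHH:mm:ssXXX as shown on the page.
// Unlike time.RFC3339 it renders UTC as +00:00 instead of Z.
const TimestampLayout = "2006-01-02T15:04:05-07:00"

// FormatTimestamp renders t as an X-TIMESTAMP header value.
func FormatTimestamp(t time.Time) string { return t.Format(TimestampLayout) }

// StringToSign joins the fields in the order of the page's $data example:
// method:url:token:bodyDigest:timestamp.
// ASSUMPTION: bodyDigest is the lowercase hex SHA-256 of the exact body bytes sent.
func StringToSign(method, url, token string, body []byte, ts string) string {
	digest := sha256.Sum256(body)
	fields := []string{method, url, token, hex.EncodeToString(digest[:]), ts}
	return strings.Join(fields, ":")
}

// Sign returns the Base64-encoded MAC of data.
// ASSUMPTION: HMAC-SHA512 keyed with client_secret.
func Sign(clientSecret, data string) string {
	mac := hmac.New(sha512.New, []byte(clientSecret))
	mac.Write([]byte(data))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

func main() {
	// Path and token come from the page's $data example; body and secret are constructed.
	ts := FormatTimestamp(time.Date(2025, 1, 16, 17, 30, 56, 0, time.FixedZone("", 7*3600)))
	body := []byte(`{"example":"constructed"}`)
	data := StringToSign("POST", "/direct-debit/core/v1/debit/payment-host-to-host",
		"7bd8be52a84cc95155756773cf34eade", body, ts)
	fmt.Println(data)
	fmt.Println(Sign("constructed-client-secret", data))
}
```

The digest must be computed over the same bytes that are sent as the request body; re-serializing the JSON after signing changes the digest and the signature no longer matches.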

Ayolinx Callback Merchant Signature Verification Rules

1. Explanation of code logic

$method is the request method.
$url is the interface name.
$requestTimestamp is the X-TIMESTAMP header value sent with the request. The format is yyyy-MM-ddTHH:mm:ssXXX, for example: 2024-09-18T06:36:36+00:00. In the UTC+7 time zone it would be 2024-09-18T06:36:36+07:00.
$data example: POST:/v1.0/qr/qr-mpm-notify:7bd8be52a84cc95155756773cf34eade:2025-01-16T17:30:56+07:00

2. Demo presentation

Modified at 2025-02-21 10:39:09