Config Settings and Signature Rules
1. Get the Login Account
After collecting the basic information of the merchant, the PayerMax merchant tech support team will create an admin account for merchants to log into the merchant dashboard according to the “Administrator Login ID” filled in the MAF (Merchant Application Form). Please pay attention to check the activation email sent by PayerMax. Merchants can activate the administrator account according to the email guide. The password shall be set in the first time on the login page. Please make sure the password is secure and avoids leakage.
2. Get the Merchant AppID and Secret Key
The merchant appId required for joint debugging access can be obtained through the Merchant Management Center platform (MMC). The signature uses the SHA256WithRSA signature algorithm, which requires the merchant to generate public and private key information, upload the public key through the Merchant Management Center platform, and download the PayerMax public key. Please keep the private key information properly. If the private key is leaked accidentally, please update the private key in time.
The config entry is: "Merchant Management Platform (MMC)" - "Settings" - "Config".
Note:
Merchant appId and key are matched, and it is necessary to distinguish between the test environment and the product line environment.
3. Configure the Callback Notification Address
Merchants need to provide a callback URL to PayerMax, which will be called by PayerMax servers when notifying call-back results.
The URL can be submitted by calling the corresponding parameter of the interface or setting through the Merchant Management Platform. The callback URL submitted by the interface has higher priority than the URL set through the Merchant Management Platform.
Merchants can configure the callback URL through the Merchant Management Platform.
Path:[Config]-[Settings]
Note:
The merchant's public key is also configured at this location.
4. Configuration of public key and private key
4.1 The role of public key and private key
4.2 How to generate public key and private key
Merchant public and private keys can be generated in the following three ways (you can choose one of them). The generated merchant private key should be kept safe by the merchant for requesting payermax report For the signing operation of the message, the merchant public key is uploaded to payermax through the Merchant Dashboard platform to verify the merchant's signature to prevent the message from being tampered with during network transmission. Obtain the payeramx public key and put it in your own program to verify the signature of the payermax signed message.
1.Generate key pair online
Through the developer tool provided by payermax, the key pair is generated online. The tool is pure js and will not interact with the payermax server and will not disclose merchant key information. generate address
2.SDK Generate
The SDK provides the createKeyPair method or function in the development-related tool can also generate. java SDK | php SDK
3.openssl Generate
Generate pem public and private key files through the openssl command and manually remove the beginning, end, and newline characters to obtain public and private key information.
Download and install openssl, refer to documentation:https://www.openssl.org/source/.
Execute the following command:
# private key
openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt -out private.key.pem
# public key
openssl rsa -in private.key.pem -pubout > public.key.pem
After executing the above command, two files will be generated as follows (example):
File public.key.pem:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzN6tx98b4KZB1uqEuT7P
/nWHrYqFdiy+Kzs9KZ6JtSQWb3b45loOsdUxFeaCAt+ZJ0+fNJRDnwc7AiKOlgbw
0HT93WRVZXP6cwQV1Bg1XybBxtQE4OcEq+Uzzmd7RoBkQuNmjIUgDYtWPBSekSpZ
AhWkk4dh8Nd7Qv2BvJNNOISVFcROFgMgbGz80v6WofR4nnTEdTB+j4pR/Q4dhnIR
OlaWrai+hBPn95sahQ+Ujf7LZgLyhpyQeS+/xsLv29lDI6D+8neR1tsOYdOp8f8Q
NwDkOroMlzxkQeYsJDLpLG8p58zHSdcLOsopVe2u41uzdrQ8qjhw4FU9eBOmFite
iwIDAQAB
-----END PUBLIC KEY-----
File private.key.pem:
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDM3q3H3xvgpkHW
6oS5Ps/+dYetioV2LL4rOz0pnom1JBZvdvjmWg6x1TEV5oIC35knT580lEOfBzsC
Io6WBvDQdP3dZFVlc/pzBBXUGDVfJsHG1ATg5wSr5TPOZ3tGgGRC42aMhSANi1Y8
FJ6RKlkCFaSTh2Hw13tC/YG8k004hJUVxE4WAyBsbPzS/pah9HiedMR1MH6PilH9
Dh2GchE6VpatqL6EE+f3mxqFD5SN/stmAvKGnJB5L7/Gwu/b2UMjoP7yd5HW2w5h
06nx/xA3AOQ6ugyXPGRB5iwkMuksbynnzMdJ1ws6yilV7a7jW7N2tDyqOHDgVT14
E6YWK16LAgMBAAECggEBAKFLC8yZdixHGPzohHgH4N94jsptjae9kDcfG4dB3y8y
60r0gv9wlbMiotOYOHGkssKFaFWQCTESEz4aEOJDMqMcCKaeELGgPuUAqWLjcFmq
fNNaJ0EeAMqI2GG/jQmzmbwjpqApS1P+iHUi0rh9e7gta/YOl2hzbgMO7W6XFivQ
pMIQZQE0WpmpK8cNgev/Xog8ZnHFC6XGUgK+mDVvJMYwmywUPIfLw2fvAZ29Qogt
qiGeFCJSwAL1VkxryXSjJJBKuoc3cXEcq/hjhz6G9rvd50Lj2kCWMd8iqm/dtFyh
DnT5WSFYNPIH0Up9qtqeP+TqgI/SrztAVHgUXVB2ABkCgYEA9cSeHG04Pj3p9ZCe
Cc6qb6L2kFphb62BhmUSHZ50p6X1KsSMw4wnzbrgrvcSe97iWZNLC536eQVHE5gL
4ZjIxylYkp+FuuPHMIDseASR2pNmY2sJ83iTB4C9Y+37+64wBceFiXWBERdJA1t2
MnzWLR8ijFfmHQ4KX3DJOhR05qUCgYEA1WYroahttPyvMFHdmcCphF9jhF3U6SGu
VndwTtqaGLHzCmSvHxLFyd8ziw/F344IGIn8fIbOqhFAijyliD53kGMiKSUqMH4Q
eP2RfxGrZqek3f6pvyUtxfjXAh6+7pfL46u0AzmyvcpaGXqQToecCF43MCdbxh7Z
3CViGfBcWW8CgYEAvJRcufU4ddHuJoYMLfxNHRIPXV5sa1PYEjaVevKuEkGuaF2e
oSF3HU4qvzZIEZJJXnA94jEbEydwjWFapIUmcmOQWhlbdLb4jYgvajwfanc11k04
uoAnWVd4eygN9OWIZbbeCUaHfYS/ensAq+bMNJ0yVjvQDzVJ0kfpr84okR0CgYEA
mBroNKTx9ZQ6Zu2jT2lVKuY27+1VygpY0ob1xS7psXp9asYTUMm3s0ll2tQWTV9W
g+8uya/o9K2xXBcYQgGMhZ0zhzJXXRMuOJ88qt70VgpeaGGRqo4cj0TsNDWoEDag
fJoxiC8DKWZnTEvhOihM3mYRXkBfmNr6nIEE6Mo7eP8CgYEA8KqzIk+5On3xmeES
fQcLPYiaO9Hlttc7flyIpUL52Og7S1T/ekdiBVIDlePpjRx5H0iCtANyWmQq0Xbf
SseQ9SFJ/4DLvDMawhvolmxHs98PNa8xZ9KdXgUNc7RcewUVhK2aLkxUQKNO0lww
GGDGWfvePWzlVotJd0bM+a/X4qg=
-----END PRIVATE KEY-----
Note:
PKCS8 needs to remove the beginning, end, and line breaks.
Get the public key string:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzN6tx98b4KZB1uqEuT7P/nWHrYqFdiy+Kzs9KZ6JtSQWb3b45loOsdUxFeaCAt+ZJ0+fNJRDnwc7AiKOlgbw0HT93WRVZXP6cwQV1Bg1XybBxtQE4OcEq+Uzzmd7RoBkQuNmjIUgDYtWPBSekSpZAhWkk4dh8Nd7Qv2BvJNNOISVFcROFgMgbGz80v6WofR4nnTEdTB+j4pR/Q4dhnIROlaWrai+hBPn95sahQ+Ujf7LZgLyhpyQeS+/xsLv29lDI6D+8neR1tsOYdOp8f8QNwDkOroMlzxkQeYsJDLpLG8p58zHSdcLOsopVe2u41uzdrQ8qjhw4FU9eBOmFiteiwIDAQAB
Get the private key string:
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDM3q3H3xvgpkHW6oS5Ps/+dYetioV2LL4rOz0pnom1JBZvdvjmWg6x1TEV5oIC35knT580lEOfBzsCIo6WBvDQdP3dZFVlc/pzBBXUGDVfJsHG1ATg5wSr5TPOZ3tGgGRC42aMhSANi1Y8FJ6RKlkCFaSTh2Hw13tC/YG8k004hJUVxE4WAyBsbPzS/pah9HiedMR1MH6PilH9Dh2GchE6VpatqL6EE+f3mxqFD5SN/stmAvKGnJB5L7/Gwu/b2UMjoP7yd5HW2w5h06nx/xA3AOQ6ugyXPGRB5iwkMuksbynnzMdJ1ws6yilV7a7jW7N2tDyqOHDgVT14E6YWK16LAgMBAAECggEBAKFLC8yZdixHGPzohHgH4N94jsptjae9kDcfG4dB3y8y60r0gv9wlbMiotOYOHGkssKFaFWQCTESEz4aEOJDMqMcCKaeELGgPuUAqWLjcFmqfNNaJ0EeAMqI2GG/jQmzmbwjpqApS1P+iHUi0rh9e7gta/YOl2hzbgMO7W6XFivQpMIQZQE0WpmpK8cNgev/Xog8ZnHFC6XGUgK+mDVvJMYwmywUPIfLw2fvAZ29QogtqiGeFCJSwAL1VkxryXSjJJBKuoc3cXEcq/hjhz6G9rvd50Lj2kCWMd8iqm/dtFyhDnT5WSFYNPIH0Up9qtqeP+TqgI/SrztAVHgUXVB2ABkCgYEA9cSeHG04Pj3p9ZCeCc6qb6L2kFphb62BhmUSHZ50p6X1KsSMw4wnzbrgrvcSe97iWZNLC536eQVHE5gL4ZjIxylYkp+FuuPHMIDseASR2pNmY2sJ83iTB4C9Y+37+64wBceFiXWBERdJA1t2MnzWLR8ijFfmHQ4KX3DJOhR05qUCgYEA1WYroahttPyvMFHdmcCphF9jhF3U6SGuVndwTtqaGLHzCmSvHxLFyd8ziw/F344IGIn8fIbOqhFAijyliD53kGMiKSUqMH4QeP2RfxGrZqek3f6pvyUtxfjXAh6+7pfL46u0AzmyvcpaGXqQToecCF43MCdbxh7Z3CViGfBcWW8CgYEAvJRcufU4ddHuJoYMLfxNHRIPXV5sa1PYEjaVevKuEkGuaF2eoSF3HU4qvzZIEZJJXnA94jEbEydwjWFapIUmcmOQWhlbdLb4jYgvajwfanc11k04uoAnWVd4eygN9OWIZbbeCUaHfYS/ensAq+bMNJ0yVjvQDzVJ0kfpr84okR0CgYEAmBroNKTx9ZQ6Zu2jT2lVKuY27+1VygpY0ob1xS7psXp9asYTUMm3s0ll2tQWTV9Wg+8uya/o9K2xXBcYQgGMhZ0zhzJXXRMuOJ88qt70VgpeaGGRqo4cj0TsNDWoEDagfJoxiC8DKWZnTEvhOihM3mYRXkBfmNr6nIEE6Mo7eP8CgYEA8KqzIk+5On3xmeESfQcLPYiaO9Hlttc7flyIpUL52Og7S1T/ekdiBVIDlePpjRx5H0iCtANyWmQq0XbfSseQ9SFJ/4DLvDMawhvolmxHs98PNa8xZ9KdXgUNc7RcewUVhK2aLkxUQKNO0lwwGGDGWfvePWzlVotJd0bM+a/X4qg=
Note:
The message string signed by the merchant private key must be consistent with the string in the http body, otherwise the payermx signature verification will fail For example, the contents of the following two JSONs have the same meaning, but the result of signing is inconsistent due to formatting reasons.
You can experience the signing process through 【self-service signing tool】.
Formatted json string:
{
"key1":"val1",
"key2": "val2",
"key3": "val3"
}
Sign the result using the example private key:
"FPFVT3o227JrFRbqu19boZCpVVTF9KznxyRawUmxpfXilHV/0yK46haPhAjNu1hPUMy7Vw/ILXhfzffNm4Fj0apWknlTY9OJxnSoQxS9BTFtc61tn5yV1q69x/kkBl82/qwg+XTJ4fOzy7Mar3VaC1E2PlDA6RkkKBUyNE6RYgsdB+Su7an4+4HVTNAnoe74WyvBgxTLMNg28igBTdqxaO3w/UBY6ObVp7vkqkQGdL1Y+HgmMYaAVwrM3+ALWGId0sJ+YqTY4WJ+0xCRGhaSnybiIjZsQEYyID68WNUfuavDLDsEhaMm/HfQvf5p0R1Ltovp3wwJnEbQcjY458iX5A=="
Compressed json string:
{"key1":"val1","key2":"val2","key3":"val3"}
Sign the result using the example private key:
"W/unZQUH9366PZDhYlCghA7q66VmPDBN/7OvVKhigQNfLJPxGnbhrH6JV4rYlsyfduPt4QKZalaafvs/tJ+CVOr2RGt3815hcAPB7MN/u4y3W+IfbwTXkT7gWujT652YDfMls2dwRCYun++DSOVFHkP8FUp8/Rb6e8CuKbA40RwfHfUTek24TMq0JmiYZDfRYbMUE30Pm8PXDAStoTTOqjJ+5zVAMWCzUwId1/P3iNWue+DUwCyLEA6tHFIJX8dUoSlbtjRs1p4Q8ahSFg5Dx+RORtLclnp8g38hgWFNsvcSuW3RXTkwIYmmbp5Qguw16af9P8Li82zI4M8TqgI08g=="
4.3 Signature Algorithm
type | desc |
---|---|
Algorithm | RSA |
Key Format | PKCS8 |
Signature Algorithm | SHA256WithRSA |
Key Length | 2048 |
4.4 Message Example
Request Message
POST https://pay-gate.payermax.com/aggregate-pay/api/gateway/orderAndPay
Content-Type:application/json
Content-Length:580
sign:according to Request body to use merchant privateKey signature
{
"version": "1.1",
"keyVersion": "1",
"requestTime": "2022-01-17T08:04:13.879+00:00",
"appId": "3b242b56a8b64274bcc37dac281120e3",
"merchantNo": "020213827212251",
"data": {
"outTradeNo": "Pay1642406653879",
"subject": "MacPro14 and Mouse",
"totalAmount": "10000",
"currency": "IDR",
"country": "ID",
"userId": "10001",
"language": "en",
"reference": "020213827524152",
"frontCallbackURL": "https://www.payermax.com",
"notifyUrl": "https://www.payermax.com"
}
}
Response Message
HTTP/1.1 200 OK
Date:Mon, 17 Jan 2022 03:49:08 GMT
Content-Type:application/json
Connection:keep-alive
sign:PayerMax signature information, the merchant verifies the signature according to the response json body and PayerMax publicKey
{
"code": "APPLY_SUCCESS",
"msg": "",
"data": {
"redirectUrl": "https://cashier-n.payermax.com/index.html#/cashier/home?merchantId=020213827212251&appId=3b242b56a8b64274bcc37dac281120e3&country=ID&tradeToken=TOKEN20220117080414618354880&language=en&token=LVDNgrtBcAvo0W6Zjhuons2jfZsEJXgFIAFDLf2Tq2I2FkdUhwF%2Fm8lxxmI1%2BVPfbPafUGFbZfTqagFOD3mMOAKm6790AZi7nuoQbG7SWFIyfD7hr0LbAy9TUpJNjm%2Bsxg2O%2FGvFpzpwP3P1JZxA%2BEajse7sQQubFZhFNGK9o9I%3D&amount=10000¤cy=IDR&frontCallbackUrl=https%3A%2F%2Fwww.payermax.com",
"outTradeNo": "Pay1642406653879",
"tradeToken": "TOKEN20220117080414618354880",
"status": "PENDING"
}
}