UnionMeta Merchant Payment API Documentation
  1. 2. Security & Encryption Rules
UnionMeta Merchant Payment API Documentation
  • 1. Revision History
  • 2. Security & Encryption Rules
    • 2.1 Purposes
    • 2.2 Request Encryption (AES)
    • 2.3 Signature Generation (MD5)
  • 3. API List
  • 4. API
    • 4.1 Payment Result Callback Notification (Online/Dynamic QR)
    • 4.2 Payment Result Callback (Static QR)
    • 4.3 Create Order API (Online Payment)
      POST
    • 4.4 Create Order API (Generate QR)
      POST
    • 4.5 Static QR Code Generate
      POST
    • 4.6 Query Order
      POST
    • 4.7 Merchant wallet Balance
      POST
    • 4.8 Cancel Order
      POST
    • 4.9 Activate/Deactivate Static QR Code
      POST
    • 4.10 Transaction History
      POST
  • Schemas
    • CreateOrderRespData
    • RespDataCreateOrderRespData
    • CreateOrderReqParams
    • ReqParamsCreateOrderReqParams
    • CreateQrOrderRespData
    • RespDataCreateQrOrderRespData
    • CreateQrOrderReqParams
    • ReqParamsCreateQrOrderReqParams
    • GenerateStaticQrRespData
    • RespDataGenerateStaticQrRespData
    • GenerateStaticQrParams
    • ReqParamsGenerateStaticQrParams
    • MapObject
    • QueryOrderRespData
    • RespDataQueryOrderRespData
    • ReqParams
    • QueryOrderReqParams
    • OpenApiReq
    • ReqParamsQueryOrderReqParams
    • MerchantBalanceRespData
    • RespDataMerchantBalanceRespData
    • MerchantBalanceReqParams
    • ReqParamsMerchantBalanceReqParams
    • CancelOrderRespData
    • TransactionHistoryRespData
    • RespDataCancelOrderRespData
    • RespDataTransactionHistoryRespData
    • CancelOrderReqParams
    • TransactionHistoryReqParams
    • ReqParamsCancelOrderReqParams
    • ReqParamsTransactionHistoryReqParams
    • StaticQrStateOptionRespData
    • RespDataStaticQrStateOptionRespData
    • StaticQrStateOptionReqParams
    • ReqParamsStaticQrStateOptionReqParams
  1. 2. Security & Encryption Rules

2.3 Signature Generation (MD5)

A sign parameter is required to verify request integrity and authenticity.
1.
Prepare all request parameters (including merchantNo and the encrypted data). Exclude the sign parameter itself and any parameter with a null or empty string ("") value.
2.
Sort the remaining parameters alphabetically (A-Z), concatenate them in key=value& format, and remove the trailing &.
3.
Encode the resulting string into a Base64 string.
4.
Calculate the MD5 hash (32 lowercase hex digits) of: Base64String + signKey. This hash is your sign value.

Reference Code:#

 /**
     * @param map     Request Body
     * @param signKey
     * @return
     */
    public static String createSign(Map<String, Object> map, String signKey) {
        Set<String> kyes = new TreeSet<>(map.keySet());
        StringBuilder stringBuilder = new StringBuilder();
        Object v;
        for (String key : kyes) {
            v = map.get(key);
            if (ToolUtil.isNotEmpty(v) && !"sign".equals(key)) {
                stringBuilder.append(key).append("=").append(v).append("&");
            }
        }
        stringBuilder.setLength(stringBuilder.length() - 1);
        String str = stringBuilder.();
        log.info("String after parameter assembly:{}", str);
        String base64Str = Base64.encode(str);
        log.info("Encrypted String:{}", base64Str);
        log.info("signKey:{}", signKey);
        String sign = MD5Util.encrypt(base64Str + signKey);
        log.info("Generated Signature:{}", sign);
        return sign;
    }

Encapsulated Request Example:#

    protected String SIGN_KEY = "F50E217D0D7447DC9B6A9F87806F41AC";
    protected String MERCHANT_NO = "3800068";
    /**
     * Send request, and encapsulate encrypted and signed data
     *
     * @param url
     * @param args
     */
    protected String sendRequest(String url, Object args) {
        //The first 16 digits are the signature key
        String signKey = SIGN_KEY.substring(0, 16);
        //The last 16 digits are AES keys
        String encryptKey = SIGN_KEY.substring(16);
        OpenApiReq param = new OpenApiReq();
        param.setMerchantNo(MERCHANT_NO);
        param.setData(AgentSignUtil.encrypt(args, encryptKey));
        param.setSign(AgentSignUtil.createSign(param, signKey));
        System.out.println("Request URL:"+url+";Request Body:"+JSONObject.toJSONString(param));
        String result = HttpUtil.post(url, JSONObject.toJSONString(param));
        System.out.println("Request Result:"+result);
        return result;
    }
Modified at 2026-03-02 08:55:32
Previous
2.2 Request Encryption (AES)
Next
3. API List