Request Header

Environment

Environment	Request URL	Purpose
Sandbox	acgateway.sandbox.uqpay.tech	Testing
Product	acgateway.uqpay.com	Go live

Header Information

Headerfield	Type	Required	Description
clientId	String	M	merchant id which the key belongs to
signType	String	M	Signature type, currenty support SHA，RSA，TOKEN, select one in the request
signId	String	M	SignId assigned with key
sign	String	C	Signature，required in SHA,RSA signType
token	String	C	token, required in TOKEN signType
requestId	String	M	Request unique ID, non repeatable

Find the intergration settings in the merchant portal

Currently we support three types of certification, merchant can choose one type and set the key in the migration.

To ensure the authenticity and integrity of the transmitted data, all requests must be signed and verified:

When calling the API, you must use the transaction key of the master merchant to sign the request sent to UQPAY, and verify the UQPAY response signature.
When receiving notifications, you must use the notification key to verify the signature of the received notification. However, you do not need to sign the response to the notification.

Sign with SHA type

Construct signature and verification

Pre preparation

Apply for the sign key(transaction key/notification key) from UQPAY UPAS

Construct signature

Remove fields with empty values or empty strings in the request
Convert the requested content, the format is [key=value&key=value], sort the parameters in ascending ASCII order by the characters in the key string;
Splicing salt value: Concatenate ["key="+sign key] to the end of the string

Note:
When there are nested fields, extract each key value pair, and sort them in the form of key=value, then connect with&. And package it with |, as the value of the upper layer key.
For example, the map corresponding to the card is converted to

|CardNo=4574836230001122&cvv=123&expMonth=12&expYear=24|, Concatenate into a string as card=| cardNo=4574836230001122&cvv=123&expMonth=12&expYear=24|

Example：

## Request message
{
    "amount": 22,
    "merchantId": "22222222222",
    "orderId": "202312250952000001",
    "currency": "156",
    "card": {
        "expMonth": "12",
        "cvv": "123",
        "expYear": "24",
        "cardNo": "45748362300011122"
    }
}

## To be signed string
amount=22&card=|cardNo=45748362300011122&cvv=123&expMonth=12&expYear=24|&currency=156&merchantId=22222222222&orderId=202312250952000001&key=DDA4E18493A98112B079BD279B67385F26D0C0CE798C14884461DBB870AD8269

Use the HMACSHA512 algorithm to calculate the summary of a string, and convert it into a hexadecimal string signature;

Verify signature

Remove fields with empty or empty strings in the requested body, and remove the sign field, convert the request content.
The format is [key=value&key=value], sort the parameters in ascending ASCII order by the characters in the key string; Splicing salt values: concatenate ["key="+sign key] to the end of the string
Use the HMACSHA512 algorithm to calculate the summary of a string, and convert it into a hexadecimal string signature;
Compare the value of the sign field in the signature and response

Sign with RSA type

Pre preparation

Apply for the RSA public key(transaction key/notification key) from UQPAY UPAS

Construct signature

Remove fields with null or empty string values from the request.
Convert the request content to the format of key=value&key=value, and sort parameters in ascending order according to the ASCII code of characters in the key string.

Note: When there are nested fields, extract each key-value pair, sort them in the form of key=value, and then connect them with &. Wrap it with | and use it as the value of the upper-level key. In the example, the map corresponding to card is converted to |cardNo=45748362300011122&cvv=123&expMonth=12&expYear=24|, which is concatenated into the string as card=|cardNo=45748362300011122&cvv=123&expMonth=12&expYear=24|

Use the RSA algorithm to sign and verify the signature.