Reputation: 1046
Getting "illegal parameter" when trying to call the alipay Payment API in the Sandbox
So what I am trying to do is is make a few API calls with AliPays https://global.alipay.com/docs/ac/ams/api API
I followed the integration guide and I created the nessassary private / public keys and Client Id. I also followed the generate signature guide here: https://global.alipay.com/docs/ac/ams/digital_signature#gNWs0
I also copied part of the code from iTest, the Developer Tools of alipay, so actually the function signWithSHA256RSA is from alipay.
I know that my private key should work, because I was able to test sucessfully the same request with the Developer Tools of alipay.
// generate ISO 8601 date
$oDateTime = new \DateTime();
$sDate = $oDateTime->format('c');
$privatekey = '<private_key_removed>';
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://open-eu.alipay.com/ams/api/v1/payments/pay');
$reqBody = json_encode(array('productCode' => 'IN_STORE_PAYMENT'));
$headers = array();
$headers[] = "Content-Type:application/json; charset=UTF-8";
$headers[] = "Request-Time:".$sDate;
$headers[] = "client-id:<client_id_removed>";
$headers[] = "Signature:". "algorithm=RSA256,keyVersion=1,signature=".signWithSHA256RSA($sDate, $reqBody, $privatekey);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_HEADER, true);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $reqBody);
$rspContent = curl_exec($curl);
function signWithSHA256RSA($timeString, $reqBody, $privateKey){
$priKey = "-----BEGIN RSA PRIVATE KEY-----\n".
wordwrap($privateKey, 64, "\n", true).
"\n-----END RSA PRIVATE KEY-----";
$signContent = "POST /ams/api/v1/payments/pay"."\n<client_id_removed>".".".$timeString. ".".$reqBody;
openssl_sign($signContent, $signValue, $priKey, OPENSSL_ALGO_SHA256);
return base64_encode($signValue);
}
The error code that I am getting is:
{"result":
{
"resultCode":"PARAM_ILLEGAL",
"resultMessage":"illegal parameter:OpenapiV2签名字段异常: algorithm=RSA256,keyVersion=1,signature=<signature_removed>",
"resultStatus":"F"}
}
Upvotes: 2
Views: 597
Answers (1)
Reputation: 11829
Error via Google Translate: '签名字段异常' -> 'Signature field exception'
- Validate the signature. Replace
$privateKeyand$publicKeyfrom you secrets.
$data = 'POST ...';
$keyPair = openssl_pkey_new(
[
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
]
);
openssl_pkey_export($keyPair, $privateKey);
$details = openssl_pkey_get_details($keyPair);
$publicKey = $details['key'];
openssl_sign($data, $signature, $privateKey, OPENSSL_ALGO_SHA256);
var_dump($signature);
//verify signature
$isValidSignature = openssl_verify(
$data,
$signature,
$publicKey,
'sha256WithRSAEncryption'
);
var_dump($isValidSignature);
- In the documentation says
generatedSignature=base64UrlEncode(sha256withrsa(<Content_To_Be_Signed>), <privateKey>))
and provided java example
return URLEncoder.encode(new String(Base64.encodeBase64(signed), "UTF-8"), "UTF-8");
php equivalent is
urlencode(base64_encode($signature))
Upvotes: 3
Related Questions
- PayPal Payment Excute Error: Method type not supported for this operation
- Alipay notify url not being called
- Paypal API: This transaction cannot be processed due to an invalid merchant configuration
- Required parameter missing with DoDirectPayment method
- Paypal API Returns Access Token as Null
- php paypal pro (advanced) integration Issue
- paypal direct payment error on sandbox
- Paypal Sandbox API Internal Error
- PayPal Rest API for Payments returns NULL in the sandbox
- PHP PayPal API and Sandbox Issue