Introduction

With the growing number of Chinese consumers purchasing merchandise on the oversea merchants’ site direct, the merchant could integrate with Alipay Standard Payment solution to offer the users the familiar user experience that they comfortable with, along the convenience provided for both the merchants and the consumers on the payment, FX exchange and settlement.

Once integrated, the merchant’s site will present an Alipay payment button when the consumer completes the payment and checks out.

• The user clicks the payment/checkout button, to make payment with Alipay
• The user would be redirected to Alipay site. He/she could log in, and complete the payment on Alipay.
• Once the payment is completed, the user will be redirected back to the merchant site with the payment result. The merchant could check the result and make decision on how to move forward.
• In the meantime, an asynchronous notification will be sent to the merchant with the payment result. The notification is reliable with build-in retry mechanism.

Except for "sign" and "sign_type", all other parameters used need to be signed.

Generating the pre-sign string for request

For the following parameter array:

string[]  parameters={"partner=\"208861122157****\"",
"seller_id=\"208861122157****\"",
"out_trade_no=\"0811172929-1013\"",
"subject=\"test\"",
"body=\"test\"",
"currency=\"HKD\"",
"total_fee=\"0.1\"",
"notify_url=\"http://0ee96cd2.ngrok.io/notify.htm\"",
"service=\"mobile.securitypay.pay\"",
"payment_type=\"1\"",
"_input_charset=\"utf-8\"",
"appenv=\"system=java^version=1.8\"",
"forex_biz=\"FP\""
  };

_input_charset="utf-8"&appenv="system=java^version=1.8"&body="test"¤cy="HKD"&forex_biz="FP"¬ify_url="http://0ee96cd2.ngrok.io/notify.htm"&out_trade_no="0811172929-1013"&partner="208861122157****”&payment_type="1"&seller_id="208861122157****”&service="mobile.securitypay.pay"&sign="$$$"&sign_type="RSA"&subject="test"&total_fee="0.1"

Generating the pre-sign string for synchronous notification

resultStatus={9000};memo={};result={partner="2088101568358171"&seller_id="xxx@alipay.com"&out_trade_no="0819145412-6177"&subject="test"&body="testtest"&total_fee="0.01"&notify_url="http://notify.msp.hk/notify.htm"&service="mobile.securitypay.pay"&payment_type="1"&_input_charset="utf-8"&it_b_pay="30m"&show_url="m.alipay.com"&success="true"&sign_type="RSA"&sign="hkFZr+zE9499nuqDNLZEF7W75RFFPsly876QuRSeN8WMaUgcdR00IKy5ZyBJ4eldhoJ/2zghqrD4E2G2mNjs3aE+HCLiBXrPDNdLKCZgSOIqmv46TfPTEqopYfhs+o5fZzXxt34fwdrzN4mX6S13cr3UwmEV4L3Ffir/02RBVtU="}

partner="2088101568358171"&seller_id="xxx@alipay.com"&out_trade_no="0819145412-6177"&subject="test"&body="testtest"&total_fee="0.01"&notify_url="http://notify.msp.hk/notify.htm"&service="mobile.securitypay.pay"&payment_type="1"&_input_charset="utf-8"&it_b_pay="30m"&show_url="m.alipay.com"&success="true"

Generating the pre-sign string for asynchronous notification

http://0ee96cd2.ngrok.io/notify.htm? buyer_id=208812287878****¤cy=HKD&forex_rate=0.85420000¬ify_id=e5f5c6a77034fcd111e373e7e61dcbegdy¬ify_type=trade_status_sync¬ify_time=2017-08-11 17:31:39&out_trade_no=0811172929-1013&rmb_fee=0.09&seller_id=208861122157****&trade_no=2017081121001003050274536539&total_fee=0.10&trade_status=TRADE_FINISHED&sign_type=RSA&sign=$$$

buyer_id=208812287878****¤cy=HKD&forex_rate=0.85420000¬ify_id=e5f5c6a77034fcd111e373e7e61dcbegdy¬ify_type=trade_status_sync¬ify_time=2017-08-11 17:31:39&out_trade_no=0811172929-1013&rmb_fee=0.09&seller_id=208861122157****&trade_no=2017081121001003050274536539&total_fee=0.10&trade_status=TRADE_FINISHED

OpenSSL installation

• Linux（Ubuntu）

  sudo apt-get install openssl

• Windows

  The developer can download Windows version of OpenSSL from the official site of https://www.openssl.org/source/.

RSA key pair generation

• Linux

  $ openssl
    OpenSSL> genrsa -out rsa_private_key.pem 1024 ##generating  private key
    OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem  -outform PEM -nocrypt ##transform private key into PKCS8 format
    OpenSSL> rsa -in rsa_private_key.pem -pubout -out  rsa_public_key.pem ##Generate public key
    OpenSSL> exit          
    

• Windows operates in cmd window:

  C:\Users\Hammer>cd C:\OpenSSL-Win32\bin ##enter OpenSSL directory
    C:\OpenSSL-Win32\bin>openssl.exe ##enter OpenSSL
    OpenSSL> genrsa -out rsa_private_key.pem 1024  ##generating private key
    OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_private_key.pem  -outform PEM -nocrypt ##transform private key into PKCS8 format
    OpenSSL> rsa -in rsa_private_key.pem -pubout -out  rsa_public_key.pem ##Generate public key
    OpenSSL> exit 

After the above steps, the user could see two files under the current folder (C:\OpenSSL-Win32\bin for Windows), rsaprivatekey.pem and rsapublickey.pem.
The former is the private key while the latter is the public key. The merchant should keep the private key and exchange the public key with Alipay for signature verification. The following are the examples on how to use the key pair.

• Standard private key file（PHP,.NET）

  -----BEGIN RSA  PRIVATE KEY-----MIICXQIBAAKBgQC+L0rfjLl3neHleNMOsYTW8r0QXZ5RVb2p/vvY3fJNNugvJ7lo4+fdBz+LN4mDxTz4MTOhi5e2yeAqx+v3nKpNmPzC5LmDjhHZURhwbqFtIpZD51mOfno2c3MDwlrsVi6mTypbNu4uaQzw/TOpwufSLWF7k6p2pLoVmmqJzQiD0QIDAQABAoGAakB1risquv9D4zX7hCv9MTFwGyKSfpJOYhkIjwKAik7wrNeeqFEbisqv35FpjGq3Q1oJpGkem4pxaLVEyZOHONefZ9MGVChT/MNH5b0FJYWl392RZy8KCdq376Vt4gKVlABvaV1DkapL+nLh7LMo/bENudARsxD55IGObMU19lkCQQDwHmzWPMHfc3kdY6AqiLrOss+MVIAhQqZOHhDe0aW2gZtwiWeYK1wB/fRxJ5esk1sScOWgzvCN/oGJLhU3kipHAkEAysNoSdG2oWADxlIt4W9kUiiiqNgimHGMHPwp4JMxupHMTm7D9XtGUIiDijZxunHv3kvktNfWj3Yji0661zHVJwJBAM8TDf077F4NsVc9AXVs8N0sq3xzqwQD/HPFzfq6hdR8tVY5yRMb4X7+SX4EDPORKKsgnYcur5lk8MUi7r072iUCQQC8xQvUne+fcdpRyrR4StJlQvucogwjTKMbYRBDygXkIlTJOIorgudFlrKP/HwJDoY4uQNl8gQJb/1LdrKwIe7FAkBl0TNtfodGrDXBHwBgtN/t3pyi+sz7OpJdUklKE7zMSBuLd1E3O4JMzvWP9wEE7JDb+brjgK4/cxxUHUTkk592-----END RSA  PRIVATE KEY-----

• Standard private key file in PKCS8 format(Java)

  -----BEGIN PRIVATE  KEY-----MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAN0yqPkLXlnhM+2H/57aHsYHaHXazr9pFQun907TMvmbR04wHChVsKVgGUF1hC0FN9hfeYT5v2SXg1WJSg2tSgk7F29SpsF0I36oSLCIszxdu7ClO7c22mxEVuCjmYpJdqb6XweAZzv4Is661jXP4PdrCTHRdVTU5zR9xUByiLSVAgMBAAECgYEAhznORRonHylm9oKaygEsqQGkYdBXbnsOS6busLi6xA+iovEUdbAVIrTCG9t854z2HAgaISoRUKyztJoOtJfI1wJaQU+XL+U3JIh4jmNx/k5UzJijfvfpT7Cv3ueMtqyAGBJrkLvXjiS7O5ylaCGuB0Qz711bWGkRrVoosPM3N6ECQQD8hVQUgnHEVHZYtvFqfcoq2g/onPbSqyjdrRu35a7PvgDAZx69Mr/XggGNTgT3jJn7+2XmiGkHM1fd1Ob/3uAdAkEA4D7aE3ZgXG/PQqlm3VbE/+4MvNl8xhjqOkByBOY2ZFfWKhlRziLEPSSAh16xEJ79WgY9iti+guLRAMravGrs2QJBAOmKWYeaWKNNxiIoF7/4VDgrcpkcSf3uRB44UjFSn8kLnWBUPo6WV+x1FQBdjqRviZ4NFGIP+KqrJnFHzNgJhVUCQFzCAukMDV4PLfeQJSmna8PFz2UKva8fvTutTryyEYu+PauaX5laDjyQbc4RIEMU0Q29CRX3BA8WDYg7YPGRdTkCQQCG+pjU2FB17ZLuKRlKEdtXNV6zQFTmFc1TKhlsDTtCkWs/xwkoCfZKstuV3Uc5J4BNJDkQOGm38pDRPcUDUh2/-----END PRIVATE  KEY-----

• Public key file

  -----BEGIN PUBLIC  KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQWiDVZ7XYxa4CQsZoB3n7bfxLDkeGKjyQPt2FUtm4TWX9OYrd523iw6UUqnQ+Evfw88JgRnhyXadp+vnPKP7unormYQAfsM/CxzrfMoVdtwSiGtIJB4pfyRXjA+KL8nIa2hdQy5nLfgPVGZN4WidfUY/QpkddCVXnZ4bAUaQjXQIDAQAB-----END PUBLIC  KEY-----

Upload the public key

Contact Global Merchant Technical Support to upload the public key. Please sign with the matching private key in the key pair.

Merchants can check PID, Key, do refund, check/download transaction and settlement info on global.alipay.com:

For example：

• Business requirement：sequentially execute two spilt action

split_fund_info=[{"transIn":"2088101126708402","amount":"0.10","currency":"USD","desc":"  Split _test1"},{"transIn":"2088101126707869","amount":"0.10","currency":"USD","desc":"SampleInsuranceFee=10usd|RelevantTax=10usd|DeliveryFee=10usd|AnyOtherFees=10usd"}]

The single refund interface allows the partners to refund a transaction.

Request Parameters

Sync Response

The response is in XML format

Samples

Request Example

https://intlmapi.alipay.com/gateway.do?reason=refund+test&return_amount=0.1&sign_type=MD5& out_trade_no=iamdjc456¤cy=HKD&sign=8e9004797d3c7112b907bd184d775662&_input_charset=UTF-8&out_return_no=test005&service=forex_refund&partner=2088701998606387

Sync Response Examples

Success response

<?xml version="1.0" encoding="GBK"?>
<alipay>
    <is_success>T</is_success> 
</alipay>

Error response:

<?xml version="1.0" encoding="utf-8"?>
<alipay>
    <is_success>F</is_success>
    <error>ILLEGAL_SIGN</error>
</alipay>

For the system API calls, in general, the validations are being done at two levels on Alipay side.

The first level is at the API gateway level, where it does certain sanity checks such as verifying the signature, verifying if the partner ID is valid or whether the partner has permission to call this particular API, etc. If the validation fails, Alipay would return the appropriate error codes which are classified as the 'API Gateway Error Codes' as in the below.

Once it passes the validations at the API gateway level, the API request would be dispatched to the internal system for further processing, which it would be subjected to the validations of the business logic. The corresponding error codes returned are classified as the 'Business Error Codes".

Business Logic Errors

Access Errors / Common errors with MAPI gateway

If the calling parameters have error in it, Alipay MAPI gateway will capture it and display the errors. However, the control flow will stay at the Alipay side and will NOT return to the merchant’s site.

System Errors

When system error occurs, please contact Global Merchant Technical Support to assist the error repair.

The partners can use this API to obtain the information on a particular transaction, such as the transaction’s ID, out_trade_no, item name, transaction status, etc.

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sync Response

After Alipay finish processing request data, it will notify partner website by posting response data by the way of redirection. The response data of such procedure are these response parameters.
Synchronous Response Parameters Description

Samples

Request Sample

https://mapi.alipaydev.com/gateway.do?service=single_trade_query&sign=d8ed9f015214e7cd59bfadb6c945a87b&trade_no=2010121502730740&partner=2088721091300630&out_trade_no=2009011803596246&sign_type=MD5

Response Sample

Success response

<alipay>
<is_success>T</is_success>
<request>
<param name="_input_charset">UTF-8</param>
<param name="service">single_trade_query</param>
<param name="partner">2088721091300630</param>
<param name="out_trade_no">2009011803596246</param>
<param name="sendFormat">normal</param>
</request>
<response>
<trade>
<body>hello</body>
<buyer_email>inxxxxt059@service.alipay.com</buyer_email>
<buyer_id>208xxxxxxxxx5555</buyer_id>
<discount>0.00</discount>
<flag_trade_locked>0</flag_trade_locked>
<gmt_create>2017-06-15 16:25:31</gmt_create>
<gmt_last_modified_time>2017-06-15 16:25:58</gmt_last_modified_time>
<gmt_payment>2017-06-15 16:25:58</gmt_payment>
<is_total_fee_adjust>F</is_total_fee_adjust>
<operator_role>B</operator_role>
<out_trade_no>2009011803596246</out_trade_no>
<payment_type>100</payment_type>
<price>0.02</price>
<quantity>1</quantity>
<seller_email>test@126.com</seller_email>
<seller_id>2088721091300630</seller_id>
<subject>world</subject>
<to_buyer_fee>0.00</to_buyer_fee>
<to_seller_fee>0.02</to_seller_fee>
<total_fee>0.02</total_fee>
<trade_no>2017061521001003550204235677</trade_no>
<trade_status>TRADE_FINISHED</trade_status>
<use_coupon>F</use_coupon>
</trade>
</response>
<sign>6283ce0cf5aaa812d9c1d29719d53e8d</sign>
<sign_type>MD5</sign_type>
</alipay>

Error response

<?xml version="1.0"  encoding="utf-8"?>
  <alipay>
  <is_success>F</is_success>
  <error>ILLEGAL_SIGN</error>
  </alipay>

For the system API calls, in general, the validations are being done at two levels on Alipay side.

The first level is at the API gateway level, where it does certain sanity checks such as verifying the signature, verifying if the partner ID is valid or whether the partner has permission to call this particular API, etc. If the validation fails, Alipay would return the appropriate error codes which are classified as the 'API Gateway Error Codes' as in the below.

Once it passes the validations at the API gateway level, the API request would be dispatched to the internal system for further processing, which it would be subjected to the validations of the business logic. The corresponding error codes returned are classified as the 'Business Error Codes".

Business Logic Errors

System Errors

When system error occurs, please contact Alipay Technical Support to assist the error repair..

Payment Type

Transaction Status

Additional Trade Status

From time to time, the merchant needs to reconcile the transactions. This interface enables the merchants to download the transaction list in a specific time span to reconcile the transactions.

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sync Response

Response format

The responses could be in different formats for different use cases

• It is in XML format if there is error caught by the Gateway
• It could in plain text error message if it is the error from the biz logic
• It is a file to download if the call is successful.

File Format for the Transaction Report file in the Response

Samples

Request Sample

https://mapi.alipay.com/gateway.do?sign_type=MD5&sign=bb4c92c7cb7fc8a5280fe5f9f7ac309c&_input_charset=UTF-8&end_date=20150524&service=forex_compare_file&partner=2088002007018916&start_date=20150520

Response Sample

Success response

The response is HTTP response with an attached file, which is the reconciliation file with the transactions included.
The sample is for illustration of the browser download.

Error response from the biz logic:

File download failed: Over 10 days to Date period

Error response from the Gateway:

<?xml version="1.0" encoding="UTF-8"?>
<alipay>
<is_success>F</is_success>
<error>ILLEGAL_SIGN</error>
</alipay>

A sample of transaction report file:

23342347424|112.11|USD|20070616090001||P|2.24|P|Unliquidated
23342343423|102.32|USD|20070615090001|2007622090001|P|2.04|L|Liquidated

For the system API calls, in general, the validations are being done at two levels on Alipay side.

The first level is at the API gateway level, where it does certain sanity checks such as verifying the signature, verifying if the partner ID is valid or whether the partner has permission to call this particular API, etc. If the validation fails, Alipay would return the appropriate error codes which are classified as the 'API Gateway Error Codes' as in the below.

Once it passes the validations at the API gateway level, the API request would be dispatched to the internal system for further processing, which it would be subjected to the validations of the business logic. The corresponding error codes returned are classified as the 'Business Error Codes".

Business Logic Errors

Access Errors / Common Errors with MAPI Gateway

If the calling parameters have error in it, Alipay MAPI gateway will capture it and display the errors. However, the control flow will stay at the Alipay side and will NOT return to the merchant’s site.

System Errors

When system error occurs, please contact Global Merchant Technical Support to assist the error repair.

This interface enables the merchant reconcile the settled transactions with the settlement of the funds in the previous settlement cycle.

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sync Response

Response format

The responses could be in different formats for different use cases

• It is in XML format if there is error caught by the Gateway
• It could in plain text error message if it is the error from the biz logic
• It is a file to download if the call is successful.

File Format for the Settlement file in the Response

Samples

Request Sample

https://mapi.alipay.com/gateway.do?sign_type=MD5&sendFormat=normal&sign=bb4c92c7cb7fc8a5280fe5f9f7ac309c&_input_charset=UTF-8&end_date=20150524&service=forex_liquidation_file&partner=2088002007018916&start_date=20150520

Response Samples

Success response

The response is HTTP response with an attached file, which is the settlement file with the transactions included.
The sample is for illustration of the browser download.

Error response from the biz logic:

File download failed: Over 10 days to Date period

Error response from the Gateway:

<?xml version="1.0" encoding="UTF-8"?>
<alipay>
<is_success>F</is_success>
<error>ILLEGAL_SIGN</error>
</alipay>

An example of settlement report file：

23342343423|102.32|USD|20070615090001|2007622090001|P|2.04|L|Liquidated

For the system API calls, in general, the validations are being done at two levels on Alipay side.

The first level is at the API gateway level, where it does certain sanity checks such as verifying the signature, verifying if the partner ID is valid or whether the partner has permission to call this particular API, etc. If the validation fails, Alipay would return the appropriate error codes which are classified as the 'API Gateway Error Codes' as in the below.

Once it passes the validations at the API gateway level, the API request would be dispatched to the internal system for further processing, which it would be subjected to the validations of the business logic. The corresponding error codes returned are classified as the 'Business Error Codes".

Business Logic Errors

Access Errors / Common Errors with MAPI Gateway

If the calling parameters have error in it, Alipay MAPI gateway will capture it and display the errors. However, the control flow will stay at the Alipay side and will NOT return to the merchant’s site.

System Errors

When system error occurs, please contact Global Merchant Technical Support to assist the error repair.

To get the exchange rate from Alipay, the partners can call this API.

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sync Response

Response format

The responses could be in different formats for different use cases

• It is in XML format if there is error caught by the Gateway
• It could in plain text error message if it is the error from the biz logic
• It is a file to download if the call is successful.
• This exchange rate is ONLY for reference. The real exchange rate is shown on the payment page for each transaction.

File Format for the Transaction Report file in the Response

Samples

Request Sample

https://mapi.alipay.com/gateway.do?sign_type=MD5&sendFormat=normal&sign=590a9fbbed8a5b9a86b426795445f9f0&service=forex_rate_file&partner=2088101122136241

An example of the rate file：

20160504|100030|CHF|6.829600|
20160504|100030|EUR|7.491500|
20160504|100030|THB|0.185877|
20160504|100030|DKK|1.007800|
20160504|100030|SGD|4.815600|
20160504|100030|GBP|9.476100|
20160504|100030|HKD|0.838800|
20160504|100030|NOK|0.803000|
20160504|100030|CAD|5.124900|
20160504|100030|KRW|0.005814|
20160504|100030|NZD|4.496100|
20160504|100030|JPY|0.060934|
20160504|100030|AUD|4.877600|
20160504|100030|SEK|0.809800|
20160504|090530|USD|6.534600|

Response Samples

Success response

The response is HTTP response with an attached file, which is the FX rate file with the FX included.
The sample is for illustration of the browser download.

Error response from the biz logic:

File download failed: Over 10 days to Date period

Error response from the Gateway:

<?xml version="1.0" encoding="UTF-8"?>
<alipay>
<is_success>F</is_success>
<error>ILLEGAL_SIGN</error>
</alipay>

For the system API calls, in general, the validations are being done at two levels on Alipay side.

The first level is at the API gateway level, where it does certain sanity checks such as verifying the signature, verifying if the partner ID is valid or whether the partner has permission to call this particular API, etc. If the validation fails, Alipay would return the appropriate error codes which are classified as the 'API Gateway Error Codes' as in the below.

Once it passes the validations at the API gateway level, the API request would be dispatched to the internal system for further processing, which it would be subjected to the validations of the business logic. The corresponding error codes returned are classified as the 'Business Error Codes".

Business Logic Errors

Access Errors / Common Errors with MAPI Gateway

If the calling parameters have error in it, Alipay MAPI gateway will capture it and display the errors. However, the control flow will stay at the Alipay side and will NOT return to the merchant’s site.

System Errors

When system error occurs, please contact Global Merchant Technical Support to assist the error repair.

• Purpose

  Validate a notification is from Alipay Server, ensure the authenticity of the response data.

• Mechanism

  Acquire the parameter notify ID (notify_id), assemble it into a URL according to Alipay requirement, e.g.:
  

  https://mapi.alipay.com/gateway.do?service=notify_verify&partner=2088002396712354¬ify_id=RqPnCoPT3K9%252Fvwbh3I%252BFioE227%252BPfNMl8jwyZqMIiXQWxhOCmQ5MQO%252FWd93rvCB%252BaiGg

  
  Through this request URL, partner can acquire result data from Alipay server with the method of programming to simulate the http request interacting with Alipay server.
  If returned information is true, verification success, otherwise fail.
  

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sync Response

The response is a string with the status.

Response Samples

If the input parameter is invalid, return,

Invalid

If the notification is from Alipay, and inquires in the valid time frame, (1 min)

True

If the notification is not from Alipay, or passes 1 min time frame,

False

Samples

Request Sample

https://intlmapi.alipay.com/gateway.do?service=notify_verify&partner=2088101122136241&notify_id=4465b04e84cb6bacc2bd1b52232c0b8gjg&sign=ciSBXc7gjCfXW8KMBxFiFH2cbMZtFelfTOGKqY2NF7q98RnH3E%2BiF5Cj%2Fu%2Bl8py1D%2FOsE%2FAva1ls8A6Tw1MzhG6ideJSgh4FxWmAjEnlczdfLj%2FqzA6qGzxdKGEXaSDFmTGglOembXUqK8g8ajICD%2BBH7xoxBRY7vtfylEXtojs%3D&sign_type=RSA

For the system API calls, in general, the validations are being done at two levels on Alipay side.

The first level is at the API gateway level, where it does certain sanity checks such as verifying the signature, verifying if the partner ID is valid or whether the partner has permission to call this particular API, etc. If the validation fails, Alipay would return the appropriate error codes which are classified as the 'API Gateway Error Codes' as in the below.

Once it passes the validations at the API gateway level, the API request would be dispatched to the internal system for further processing, which it would be subjected to the validations of the business logic. The corresponding error codes returned are classified as the 'Business Error Codes".

Business Logic Errors

Access Errors / Common Errors with MAPI Gateway

If the calling parameters have error in it, Alipay MAPI gateway will capture it and display the errors. However, the control flow will stay at the Alipay side and will NOT return to the merchant’s site.

System Errors

When system error occurs, please contact Global Merchant Technical Support to assist the error repair.

Refund split detail parameter format is JSON, include follow parameters:

Example：

• Business requirement：sequentially execute two spilt refund actions

Format Structure ：

split_fund_info=[{"transOut":"2088101126708402",  "amount":"0.10", "currency":"USD",  "desc":"test1"},   {" transOut  ":"2088101126708402", "amount":"0.30",  "currency":"USD", "desc":"test2"}]

Generate Pre-sign string

Parameters to sign

In the list of request and response parameters, all of them need to be signed except sign and sign_type. (sign_type also needs to be signed in some cases in the list of request parameters)

Generate Pre-sign string

Use the following code to package the data:

		//package the request parameters
		Map sParaTemp = new HashMap();
		sParaTemp.put("service", AlipayConfig.service);
                sParaTemp.put("partner", AlipayConfig.partner);
                sParaTemp.put("_input_charset", AlipayConfig.input_charset);
		sParaTemp.put("notify_url", AlipayConfig.notify_url);
		sParaTemp.put("return_url", AlipayConfig.return_url);
		sParaTemp.put("out_trade_no", out_trade_no);
		sParaTemp.put("subject", subject);
		sParaTemp.put("total_fee", total_fee);
		sParaTemp.put("body", body);
		sParaTemp.put("currency", currency);
		sParaTemp.put("product_code", product_code);
		split_fund_info = split_fund_info.replaceAll("\"", "'");
		sParaTemp.put("split_fund_info", split_fund_info);

		sParaTemp.put("secondary_merchant_id",secondary_merchant_id);
		sParaTemp.put("secondary_merchant_name",secondary_merchant_name);
		sParaTemp.put("secondary_merchant_industry",secondary_merchant_industry);
  

_input_charset=utf-8&app_pay=Y&body=test&currency=USD&notify_url=http://d4779318.ngrok.io/new_create_forex_trade_wap_JAVA-UTF-8-RSA/notify_url.jsp&out_trade_no=test20170901162***&partner=2088101122136***&product_code=NEW_WAP_OVERSEAS_SELLER&return_url=http://d4779318.ngrok.io/new_create_forex_trade_wap_JAVA-UTF-8-RSA/return_url.jsp&service=create_forex_trade_wap&subject=test123&total_fee=0.01

Signature Generation

MD5 Signature

Private Key is necessary for MD5 signature. The MD5 private key is the 32-byte string which is composed of English letters and numbers. Partner can log on the Merchant Service Center (https://global.alipay.com) to check the private key.

• Sign for request

After the partner receives the pre-sign string during requesting, the private key should be appended to the pre-sign string to generate the new string. Then this new string would be calculated with the MD5 signature algorithm by the MD5 signature function. Thus, the result 32-byte string is the signature result string. (the value is given to parameter “sign”)  

• Signature Verification for response

After receiving the pre-sign string during responding from Alipay system, the next step is the same as the procedure of Sign for request. When the 32-byte signature result string is generated, it should be verified whether the value is equal to the value of the parameter “sign”. If equal, the verification would be passed.

RSA, RSA2 Signature

Both private key and public key are necessary for RSA signature. Both private key and public key are generated with OPENSSL by partner. Partner and Alipay need to exchange their own public key. Therefore, partner uses Alipay public key and partner private key.

• Sign for request

After the partner receives the pre-sign string during requesting, the partner private key and the pre-sign string are used in the RSA signature algorithm by the RSA signature function to get the result string. (the value is given to parameter “sign”)

• Signature Verification for response

After receiving the pre-sign string during responding from Alipay system, the Alipay public key, the pre-sign string and the parameter “sign” are used in the RSA signature asymmetric algorithm by the RSA signature function to accomplish the signature verification.

Call this interface to register online secondary merchants information into Alipay system. For frequently asked questions about this interface, see About the alipay.overseas.secmerchant.online.maintain API.

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sub-parameter

site_infos

Sync Response

The response is in XML format.

Samples

Request succeeds and the registration succeeds.

<?xml version="1.0" encoding="utf-8"?>
<alipay>
<is_success>T</is_success>
<request>
    <param name="secondary_merchant_industry">5935</param>
    <param name="_input_charset">UTF-8</param>
    <param name="sign">8457f906bf89a5e444a6e5c28f8da499</param>
    <param name="site_infos">
        [{"site_type":"WEB","site_url":"https://alipay.com","site_name":"websit"}]
    </param>
    <param name="secondary_merchant_id">100510000031</param>
    <param name="register_address">No.278, Road YinCheng, Shanghai, China</param>
    <param name="partner">2088131089302823</param>
    <param name="service">alipay.overseas.secmerchant.online.maintain</param>
    <param name="secondary_merchant_name">test1</param>
    <param name="register_country">HK</param>
    <param name="sign_type">MD5</param>
    <param name="timestamp">2018-10-09 16:04:16</param>
    <param name="secondary_merchant_type">INDIVIDUAL</param>
    <param name="registration_no">012345678</param>
    <param name=“representative_name”>Tom Li</param>
    <param name=“representative_id”>123456789 Li</param>
    <param name="settlement_no">2600100000</param>
    <param name="contact_no">+86139xxxx7893 </param>
    <param name="contact_email">tomli@gmail.com </param>
</request>
<response>
    <alipay>
        <result_code>SUCCESS</result_code>
    </alipay>
</response>
<sign>744a87f0e3b40e6a8cd8f9705ce61511</sign>
<sign_type>MD5</sign_type>
</alipay>

Request succeeds but the registration fails:

<alipay>
    <is_success>F</is_success>
    <error>PARAM_ILLEGAL</error>
    <sign>ba101b7ffb43afde9ba63c0de335218e</sign>
    <sign_type>MD5</sign_type>
</alipay>

Request fails or the access data are wrong:

<?xml version="1.0" encoding="utf-8"?>
<alipay>
    <is_success>F</is_success>
    <error>ILLEGAL_PARTNER</error>
</alipay>

Error Codes

Business Logic Errors

Access Errors

System Errors

When system error occurs, please contact Global Merchant Technical Support .

Change history

In addition to the API response through the page redirect, the API response might also be sent to the partner asynchronously with the POST method if the merchant set 'notify_url' field in the request with the targeted URL to handle the asynchronous notification. Handling async notification is required for this payment solution.

Alipay would retry the sending asynchronous notification multiple times within a 25-hour window until the partner acknowledges the receipt of the notification by sending a string 'Success' in the response. The merchant needs to respond to avoid the further re-send of the async notification.
When handling the API response through the page redirect and the asynchronous notification, the following aspects should be considered:

• The asynchronous notification might arrive ahead of the page redirect.
• The duplicated asynchronous notifications.

Response Parameters in Async Notifications

Asynchronous Notification Example

https://www.namesilo.com/alipay_ipn.php?notify_id=92c60707dc43a5b2d648b7b4d3c2e1592g&notify_type=trade_status_sync&sign=***&trade_no=2015063000001000080055080394&total_fee=7.99&out_trade_no=9677726c8757aea6d4df81091811b047&currency=HKD&notify_time=2015-06-30 09:56:02&trade_status=TRADE_FINISHED&sign_type=MD5

http://www.namesilo.com/alipay_ipn.php?notify_id=0578bc470961e3b43fb676db616711fd2k&notify_type=trade_status_sync&sign=***&trade_no=2015061700001000100000583330&total_fee=11.00&out_trade_no=2082389608326064&currency=HKD&notify_time=2015-06-17+02%3A37%3A02&trade_status=TRADE_CLOSED&sign_type=RSA

Nofitication trigger condition

Notification Verification

For the interest of system’s healthiness, it is recommended that the partner verifies if the notification is from Alipay.

The partner can only verify the notifications sent within the last 1 minute, and before sending the ‘Success’ acknowledgement back to Alipay.
For example:

https://intlmapi.alipay.com/gateway.do? service=notify_verify&partner=2088101122136241&notify_id=+4465b04e84cb6bacc2bd1b52232c0b8gjg&sign=ciSBXc7gjCfXW8KMBxFiFH2cbMZtFelfTOGKqY2NF7q98RnH3E%2BiF5Cj%2Fu%2Bl8py1D%2FOsE%2FAva1ls8A6Tw1MzhG6ideJSgh4FxWmAjEnlczdfLj%2FqzA6qGzxdKGEXaSDFmTGglOembXUqK8g8ajICD%2BBH7xoxBRY7vtfylEXtojs%3D&sign_type=RSA

For a transaction that has been successfully paid, the customer can request the merchant for refunding as long as the refunding period is still valid, and you can make use of the refunding interface to complete the refunding, as illustrated.

You can query a transaction by sending a query request.

This flow only applies for the acquirer. If you are an acquirer, you can use this flow to register online secondary merchants information into Alipay system.

When you are dealing with a transaction, you will be in one of the following transaction status:

• WAIT_BUYER_PAY: the system is waiting for the buyer to pay.
• TRADE_FINISHED: means the trade succeeds and refunding is allowed.
• TRADE_CLOSED: means the trade is unpaid or timed out.

Only when your transaction is in the final status of TRADE_FINISHED or TRADE_CLOSED, your system can avoid many problems.

Best practice for you to keep transactions in the final status:

1. Set the time-out value. For example, you can set 3 minutes as the time-out value.
2. Get the payment result with the page redirection caused by the synchronous notification.
3. Confirm the payment result with the asynchronous notification.
4. If no payment result or asynchronous notification is returned, the transaction status must be THE SYSTEM IS CONFIRMING THE PAYMENT RESULT or THE PAYMENT IS WAITING TO BE PAID.
5. Every time the user enters the order system, the query API will be called to confirm the payment result.
6. For all the unpaid transactions over 3 minutes, set the transaction status as TRADE_CLOSED.

Call this interface to query the registration status of secondary merchants.

The gateway URL:

If you want to use Alipay sandbox to test the integration, see the sandbox handbook for details.

Request Parameters

Sync Response

The response is in XML format.

Business Logic Errors

Response Examples

The request succeeds and the query result is returned:

<?xml version="1.0" encoding="utf-8"?>
<alipay>
    <is_success>T</is_success>
<request>
    <param name="service">alipay.overseas.secmerchant.maintain.queryStatus</param>
    <param name="partner">2088101131367863</param>
    <param name=“_input_charset”>gbk</param>
    <param name="sign_type">MD5</param>
    <param name="sign">2118ac8fad6bc1d9e88a6cd017c18d37</param>
    <param name="timestamp">2019-02-01 08:30:10</param>
    <param name="secondary_merchant_id">MERCHANT_ID_0003</param>
    <param name="payment_method">ONLINE_PAYMENT</param>  
</request>
<response>
    <alipay>
        <secondary_merchant_id>MERCHANT_ID_0003</secondary_merchant_id>
        <status>UNDER_REVIEW</status>
    </alipay>
</response>
<sign>744a87f0e3b40e6a8cd8f9705ce61511</sign>
<sign_type>MD5</sign_type>
</alipay>

Failed to get the query result:

<?xml version="1.0" encoding="utf-8"?>
<alipay>
<is_success>F</is_success>
<error>DATA_NOT_EXIST</error>
<sign>744a87f0e3b40e6a8cd8f9705ce61511</sign>
<sign_type>MD5</sign_type>
</alipay>

Change history

1. Identify the parameters to be signed.
   All the parameters in the list of request and response parameters need to be signed except the sign and sign_type. (Sign_type also needs to be signed in some cases in the list of request parameters)
2. Sort the above parameters alphabetically.
   Sort the parameters according to the key value ASCII code of the first character in ascending alphabetical order. For parameters with the same first character, make the sort based on the second character.
3. Create the pre-sign string.
   Combine all the sorted parameters in the format of parameter name = parameter value and link the combinations with the character of &. In this way, you get the pre-sign string.