Talk about the problem of the pit-father in the development and development of the third-party payment interface

Objective

Recently in the company's payment interface, from payment to a variety of third-party payment interface, but also a bit of card payment, payment documents relatively detailed, although also a lot of pits, by the road developers Spit groove, but filled more ah, so is the best development, but the company also useful to some third-party web payment interface, and then encountered many pits, I can't help but want to spit a groove.

First, third-party payment process

Various payment documents, business flowchart is too simple, some really is complex do not want, developers see is also drunk, write these documents people never seem to think about the feelings of people, so I think there is a need to introduce briefly here, I think to the developer of the flowchart is roughly like this, Instead of a bunch of things that aren't used in the development documentation.

Simplification is: Get interface Information (bank list, etc.)-"Submit parameters and signatures-" Get results (need to verify the signature)

We do interface development ability how strong programmers, do not look at the document is also no way to do, the signature algorithm is someone else to do the interface of the person to provide, parameters are also named, so learn to read the document is very important, read a lot of others to write the document, we can write a simple and clear document, this is the experience.

Second, the development of those encountered in the pits

There is a pit where writing pits are documents, some pits are artificial pits, anyway pits you have not consulted.

1. Payment

Before making a payment, Download the official document from the ASP. NET development demo, replace the parameters, follow the official step by step, want to test the success of the payment, then docking system, Pit is I just use the Apple phone, just the official ASP. NET demo inside the Pay button is a control, on the Android Pay no problem, on the Apple phone but No, then I did not know the case I just do a long, to see the code comment is obviously not the C # notation, mostly to do Java to grasp the Java version modified. Then search the Internet, found a lot of people are the problem of the pit!

2. Circular Payment

① Payment provides a test merchant ID and key, and provides the WebService interface to obtain the corresponding bank name and code, to facilitate the development of direct-connect payment mode, but according to the interface, get to the bank list of the bank code is duplicated, I always thought it was my interface call has a problem, repeatedly confirmed, Really is to provide the interface is too casual; ② Payment interface merchant number down, I try to pay, changed the official interface and merchant information, and then pay, the result link failed, error code #e008, I check the document, no, Baidu, no, ask someone, do not know ... Then I consult their official customer service, the official customer service transfer to technical customer service, anyway, the other side said that the domain is not bound, I am also drunk. The company let me develop, gave the document and merchant information, the other did not, I thought as long as only need to bind domain name. Then let the customer service to the error code of the document, the other side should I provide a merchant number to give Do not know this error code or what is confidential?

3. New Student Payment

① This official document is even more outrageous, I read the document was written in 2011, the PDF was generated in 2013, and then the above is provided with the address of the test, the address is not really accessible address, need to modify the Hosts file, redirect to the specified domain name. When I was ready to test, I found that I had been prompted to link the page incorrectly. Wonder, of course, I must be looking for problems from their own, is not the host file modification of the wrong, or other problems. After I repeatedly confirmed that all kinds of ping found test address is not available, so look for years, no results, ask small partners, no results, good, should go to the official customer service, and then docking technical customer service, ask them to the latest documents, and test address is changed? Then the other side gave me the answer is that the test address is not available, I am now in the document (2011, the last revision of 13) is the latest, testing can not use you to the various tests of a bunch of things to do?

② Direct connection when there is a parameter is required, user payment account, I think the logic is very strange, ask technical customer service, the result of the reply is as long as the mailbox and mobile phone format, just fill it out can ...

③ This platform does not provide the interface to get the bank list, all the bank parameters must be written manually, and there are changes can only be manually changed!

4. About the document

Do not understand the point is the official website on the web version of the development of the document, Word or PDF is convenient, but if the interface updated what is the first time developers how to modify it?

Third, the case listing code

The interface code of the loopback payment

1. Get a list of banks

1 #region Ring Network Silver Payment interface WebService get bank list Information banklist () (Temporarily test Interface) 2 payserviceips.servicesoapclient ipspay = new Payserviceips.servicesoapclient ();//Call WebService here is the test address 3 protected list<string> Array; 4//Get Bank List 5//format for  Bank | Bank Alias | Array of bank codes 6 protected list<string> banklist () 7 {8     string mer_code = System.config Uration. configurationmanager.appsettings["Mer_code"];//Merchant number 9     String mer_key = system.configuration.configurationmanager.appsettings["Mer_key"];//Merchant Certificate: Login http://merchant.ips.com.cn/ Merchant Certificate content downloaded from the merchants background is     string Re = Ipspay.getbanklist (Mer_code, Game.Utils.Utility.MD5 (Mer_code + mer_key). ToLower ()); one     re = Httputility.urldecode (re);//re format is Bank | Bank alias | Bank code #12     list<string> ArrayList = new List <string> (); (     int i = 0; I < (Re.split (' # '). LENGTH-1); i++)//array is the end of the # so the last string is empty from     {         arraylist.add (re.split (' # ') [i]);     }17     return arraylist;18}19 #endregion

2. Payment jump to third party page

 1 #region Configure payment parameters and jump to pay 2//Submit address 3//string Form_url = "http://pay.ips.net.cn/ipayment.aspx"; Test 4 String Form_url = "Https://pay.ips.com.cn/ipayment.aspx"; Official 5//Merchant Number 6 String mer_code = system.configuration.configurationmanager.appsettings["Mer_code"]; 7//Merchant Certificate: Login to http://merchant.ips.com.cn/merchant background download Merchant Certificate Content 8 String Mer_key = system.configuration.configurationmanager.appsettings["Mer_key"]; 9//Merchant Order Number: String Billno = orderinfo.orderid;//11//Order Amount (Reserved 2 decimal places) string Amount = This.txtSalePrice.Text.Trim () + ". 00 "; 13//Order Date: String billdate = DateTime.Now.ToString (" YyyyMMdd "), 15//Currency, String currency_type =" RMB "; 17//Payment card type: Strin G Gateway_type = "01"; 19//Bank code: String BANKCO = bankco;21//language string Lang = "GB"; string nurl = "http://" + Request . Url.authority + "/return.aspx"; 24//Payment result successfully returned merchant URL25 string merchanturl = nurl;26//Payment result failed returned merchant URL27 string failurl = "Htt p://"+ Request.Url.Authority +"/failurl.aspx "; 28//Merchant packet with string Attach = amount;30//Display amount to String Dispamount= AMOUNT;32//The Order payment interface is encrypted by a string orderencodetype = "5"; 34///Transaction Return interface encryption Method: String retencodetype = "17"; 36//Return mode PNS string  Rettype = "1";//server to Server returns page URL39 string serverurl = nurl;40//Order Payment Interface Md5 Summary, original =billno+ order number + Currencytype + currency + Amount + Order Amount + Date + Order Date + Orderencodetype + Order Payment Interface encryption method + Merchant Internal Certificate string SignMD5 String = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile ("Billno" + Billno + "Currencytype" + Currency_type + "Amount" + Amount + "date" + billdate + "Orderencodetype" + Orderencodetype + mer_key, "MD5"). ToLower (); Postform string = "<form name=\" frm1\ "id=\" frm1\ "method=\" post\ "action=\" "+ Form_url +" \ ">"; Tform + = "<input type=\" hidden\ "name=\" mer_code\ "value=\" "+ Mer_code +" \ "/>"; Postform + = "<input type=\" H Idden\ "name=\" billno\ "value=\" "+ Billno +" \ "/>"; Postform + = "<input type=\" hidden\ "name=\" amount\ "value=\" "+ Amount +" \ "/>"; Postform + = "<input type=\" hidden\ "name=\" date\ "ValuE=\ "" + billdate + "\"/> ", postform + =" <input type=\ "hidden\" name=\ "currency_type\" value=\ "" + Currency_type + "\"/> "; Postform + =" <input type=\ "hidden\" name=\ "gateway_type\" value=\ "" + Gateway_type + "\"/> "; PostF ORM + = "<input type=\" hidden\ "name=\" lang\ "value=\" "+ Lang +" \ "/>"; Postform + = "<input type=\" hidden\ "NA Me=\ "merchanturl\" value=\ "" + Merchanturl + "\"/> "; Wuyi postform + =" <input type=\ "hidden\" name=\ "FailUrl\" value=\ "+ Failurl +" \ "/>"; Postform + = "<input type=\" hidden\ "name=\" attach\ "value=\" "+ Attach +" \ "/>"; Tform + = "<input type=\" hidden\ "name=\" bankco\ "value=\" "+ Bankco +" \ "/>"; Postform + = "<input type=\" Hidde N\ "name=\" dispamount\ "value=\" "+ Dispamount +" \ "/>"; Postform + = "<input type=\" hidden\ "name=\" OrderEncodeTy  Pe\ "value=\" "+ Orderencodetype +" \ "/>"; Postform + = "<input type=\" hidden\ "name=\" retencodetype\ "value=\" "+ Retencodetype + "\"/&Gt; "; Postform + = "<input type=\" hidden\ "name=\" rettype\ "value=\" "+ Rettype +" \ "/>"; Postform + = "<input type =\ "hidden\" name=\ "serverurl\" value=\ "+ ServerURL +" \ "/>"; Postform + = "<input type=\" hidden\ "name=\" SignMD5 \ "Value=\" "+ SignMD5 +" \ "/>", if (bankco! = "") Postform + = "<input type=\" hidden\ "name=\" docredit\ "va Lue=\ "1\" > "Postform + =" </form> "; 63//Submit the form to test gateway automatically postform + =" <script type=\ "text/javascript\" Language=\ "javascript\" >settimeout (\ "document.getElementById (' Frm1 ')." Submit (); \ ", ten);</script>"; 65 # Endregion

3. Results returned

 1//Receive data 2 string billno = request["Billno"]; 3 String amount = request["Amount"];//+ ". 00"; 4 string currency_type = request["Currency_type"]; 5 String mydate = request["Date"]; 6 string succ = request["SUCC"]; 7 String msg = request["MSG"]; 8 String attach = request["Attach"]; 9 String ipsbillno = request["Ipsbillno"];10 string retencodetype = request["Retencodetype"];11 string signature = Request ["Signature"];12 string bankbillno = request["Bankbillno"];13//Signature Original//billno+ "order number" +currencytype+ "Currency" +amount+ " Order Amount "+date+" Order Date "+succ+" Success sign "+ipsbillno+" IPs order Number "+retencodetype +" Transaction return signature Method "["] "[Billno] + Billno +" Currencytype "+ currency_type +" Amount "+ Amount +" date "+ mydate +" SUCC "+ succ +" Ipsbillno "+ Ipsbillno +" Retencode  Type "+ retencodetype;16//signature is correct for the verify = false;18 19//authentication method: 16-md5withrsa 17-md520//if (Retencodetype = = "17") 22//{23//login http://merchant.ips.com.cn/merchant background Download the Merchant certificate content in string Merchant_key = System.Configuration.ConfigurationManager. appsettings["Mer_key"];25//md5 Summary of string signature1 = FormsAuthentication.HashPasswordForStoringInConfigFile ( Content + Merchant_key, "MD5").     ToLower (), if (signature1 = = signature), {36 verify = true;31}32 33//Determine if signature verification is via the IF (verify = True) 35 Determine if the transaction succeeded if (succ! = "Y") at Response.Write ("<script>alert (\") Trading failed! \ ");</script>"); Response.End ();}42 else43 {Response.Write RT (\ "Trading Success! \ ");</script>"); Response.End}48}49 else50 {Wuyi Response.Write ("The signature is incorrect! "); 52}

Talk about the problem of the pit-father in the development and development of the third-party payment interface