Alipay Interface Mobile Web site payment verification return string and signature validation does not pass the reason summary

is not the first time to do the payment interface development, each do the payment interface development will actually encounter some trouble. The main place is in the verification (signature) section.

The function of the verification is to determine whether the callback (synchronous return, get method) or notification (asynchronous post method) of the payment result is really issued by the Alipay server.

Here are 2 purposes: 1 is to record the return content of this notification, 2 is to enumerate the current payment treasure interface in the development process encountered, may affect the verification of the reasons for the endorsement.

1. Data returned by synchronous callback (get method)

In PHP, for example, Var_dump ($_get) Gets the following array:

Array
  ' body ' => string ' User account Recharge ' (length=18)
  ' is_success ' => string ' T ' (length=1)
  ' notify_id ' => String ' A long string of balabalbabab things ' (length=70)
  ' notify_time ' => string ' 2016-12-26 16:37:47 ' (length=19)
  ' Notify_ Type ' => string ' Trade_status_sync ' (length=17)
  ' out_trade_no ' => string ' 20161226163712111782 ' (length=20) c6/> ' Payment_type ' => string ' 1 ' (length=1)
  ' seller_id ' => string ' 2088521242126500 ' (length=16)
  ' Service ' => string ' Alipay.wap.create.direct.pay.by.user ' (length=36)
  ' subject ' => string ' User account recharge ' (length=
  ' Total_fee ' => string ' 0.01 ' (length=4)
  ' trade_no ' => string ' 2016122621001004720297207882 ' ( length=28)
  ' trade_status ' => string ' trade_success ' (length=13)
  ' sign ' => string 

' signature ' (length= 172)
  ' Sign_type ' => string ' RSA ' (length=3)

Reason for the failure of the sync notification check to pass:

1. The method of generating the key is incorrect, the way to upload the key is not correct, please check carefully according to the instructions of the development document.

2. The returned parameter is not clean, for example, the $_get array of thinkphp will actually add an array of the ' _url_ ' =>array (0=> ' ',1=> ' "The Controller ',2=> ' method ') to the end of the array, so before checking, First unset ($_get[' _url_ ').

The reason why the asynchronous interface check does not pass:

1. Key generation and upload methods are not correct, please follow the document carefully check.

2. The firewall causes, intercepts the Alipay server The POST request, causes cannot receive the asynchronous result

3. The debugging of asynchronous results must be placed on the public network can access the server for debugging, otherwise you can not receive asynchronous notification, the reason to think.

4. In your development process, passing the past asynchronous notification URL can not have such parameters as pay.php?id=1, must be to a final processing script address, such as: http://www.xyservice.com/pay/or http:// www.xyservice.com/pay.php

5. Make sure that your asynchronous notification path is accessible, if you can not access, such as your interface may have permission to verify, but the Alipay interface directly post the data you think is not logged in, the program directly rejected and 302 jump to the login page, or some host to intercept the Alipay POST request.

And one more thing, Some people say that the cacert.pem of the wrong path will also affect the verification, in fact, the author in the debugging when the need to deliberately comment out the path of the CACERT.PEM, the results in the demo demo, the demo content has been replaced by the author's PID and key information, incredibly can check through, so at present, this CA certificate The path problem may not be the main reason for the failure to pass the Alipay interface, of course, even if you want to ensure that the path to the CA certificate is correct in the development process, in case the interface starts validating the CA certificate.

This is the present author in the actual development process encountered in the situation, recorded, one is to encounter the same trouble friends a reference, and the second is to make a note for themselves.