1. What is a third party payment
The so-called third party payment is a number of contracts with major banks, and have a certain strength and credibility of the protection of third-party independent agencies to provide a trading support platform. In a transaction through a Third-party payment platform, the buyer buys the goods and uses the accounts provided by the third party platform to pay for the payment, and the third party notifies the seller of the payment.
At present, there are many institutions to pay third-party payment, common have Alipay, Tenpay, fast money, net silver online, yeepay payment, cloud Network and other major payment platform. If the website needs to realize the third party payment, it should first apply to the third party payment platform for an account and sign the agreement, the third party payment platform will open the online payment function after the agreement comes into effect, and integrate the interface into the website through the program.
Why use a third party to pay? Because the Third-party payment platform has been contracted with major banks, the site owners only need to apply for an account on this platform to support almost all kinds of bank card transactions.
2. Principle of third party payment
The above is a brief description of the payment process, of course, there are some steps omitted (such as shopping carts, orders, etc.), we focus on the payment process.
2.1 Users to the mall site to initiate a confirmation order request
2.2 Mall website receives request to save order data to database or other storage media
2.3 Returns the order confirmation page, the page should display the order amount and so on information
2.4 The user confirms payment, initiates the payment request. Note: Payment requests are sent to the payment gateway (e.g. Alipay, net silver online) rather than sent to the mall site.
2.5 Show Payment Page
2.6 Users fill in the Authentication information (account password, etc.) submitted
2.7 Here are two steps one is the deduction after successful page jump to the Payment results page (displayed to the user), the other is Payment notice, these two steps are not sequential may be executed at the same time, the mall site received payment notice according to the validation rules to verify the validity of the information, and make the appropriate change action (example: To change the order is paid status, invalid to record the illegal request information).
To Alipay as an example: if the implementation of the site in the integration of Alipay interface, the first to have a Alipay account, and then apply to Alipay online payment business, signed an agreement. After the agreement comes into effect there will be a partner ID to the website party for the Alipay party, and Security check code, with these two things can be in accordance with Alipay interface document Development Alipay interface, in the above figure of the steps in only 4 and 72 steps in the mall and pay gateway between the information interaction. In step 4, send the data to the payment Gateway (Alipay), in step 7 is the Notification verification section, the authentication gateway requests the website address, the website according to the validation rule to verify the information to record and to respond, we almost develop any payment interface, the focus is the development of these two parts, understand the payment interface principle, It is not difficult to develop a payment interface.
3. Payment Treasure Interface Development
3.1 Interface Introduction and Testing
Alipay currently provides, secured transactions, standard real-time to the account, dual functions, such as several interfaces, but some differences in functionality, Web site integration is the same way. As an example of a standard immediate-billing interface, after signing the agreement with Alipay, several steps are required to complete the integration.
Select the link that I will see next to "I want to self-help integrate" and click the download technical document.
In the downloaded file, there are standard Alipay trading service interface, merchant tools, interface integration Guide, etc. to receive documents, There are several other languages written in the demo. We can develop new rules according to the interface documents, can also be modified on the basis of the integration to the site, you need to pay attention to the development of payment interfaces need to be in the public network (the server must be able to access through the extranet) can complete the entire debugging process, if the server is not access to the external network, you can not receive payment notification.
Look at the role of each file in the demo:
Here has been downloaded (see Resource Directory Pay folder), in order to facilitate debugging add a number of files modified, and added a data table to save order information, we modify the configuration file to complete a test process.
Alipay_config.php is the basic information profile, we need to write the PID and key obtained in the Alipay background to the configuration file.
Configuration items:
The data in the box is the one we need to focus on modifying. The difference between the payment notification address and the return address, mentioned above, is two items in step 7: The payment result page and the payment notification information, and the payment result page is automatically returned to this address when the user pays the payment and this is the return address ($return _url).
Payment notification address is also paid after the completion of the payment, Alipay will request the address ($notify _url), but the payment notice is Alipay Server direct request, will not be seen by users. These two addresses must be in full path format beginning with HTTP in order to complete the testing process, the/pay/alipay/notify_url.php has been overwritten and the $notify_url is set to the URL that can be accessed to the file. After these are configured, a data table is created based on the database script (Pay/orders.sql). and modify the mysql_config.php according to the configuration information of the database. By simply modifying the demo provided by Alipay, you can complete the creation of payment requests (step 4), where you have changed the payment page (see Source package pay directory). Let's test it first:
An "order information" is added to the database.
If you click on the "Confirm Payment" button or confirm the payment link will jump to the Alipay page, click the button through the form post way to submit the information to the payment gateway, because the payment request data need not let the user see, here are written in the hidden domain. Make sure that the payment link is passed through the URL, because the Alipay interface allows you to submit by post or get, so either way. After submitting the parameters to the payment gateway, the page jumps to the payment page. We see the following figure:
We see Alipay providing us with two forms of payment, one to pay through the Alipay account and the other to be paid through a bank card. For example, choose to use a bank card payment, fill in the mailbox or mobile phone number to jump to the following page:
We open a single Alipay almost support all the bank card payment, at the same time have credit card and dot way payment, select the corresponding bank next prompt payment can be. After payment is completed, the page returns to the $return_url address we configured in the configuration file, and the order status changes.
Note: If the test does not have an external network test (that is, payment notification address can not be accessed outside the network), the payment notice can not be requested to the automatic completion of the order status changes.
3.2 Alipay Interface Specification and code analysis
Alipay Interface Specification can refer to/pay/doc/standard Alipay Trading Service Interface (dedicated to anti-phishing website). PDF, which already has a more detailed description.
3.2.1 How to create a payment request
In the previous test we clicked "confirm payment" to submit the information to the payment gateway of Alipay, and we could think about what parameters should be sent to the payment gateway. For a list of request parameters you can refer to the standard Alipay Trading service Interface (dedicated to anti-phishing sites). 3.2.2 in PDF. Note that it is not that we put these parameters intact to the payment PO on it, in order to ensure that the data security Alipay is currently using MD5 signature to prevent data tampering mechanism.
Before submitting the data need to be submitted to a certain rule (see interface document) assembled into a string, plus a security check code (Key) to form a new string, through the MD5 to generate a 32-byte signature, we submit payment request also need to put this signature also submitted to the past. Take a look at the form source
Alipay received the parameters will verify the legality of the request parameters, the verification will show the payment page, otherwise prompted error.
3.2.2 How to verify payment notifications
Upon completion of the payment, Alipay will request the site to pay the notification address (this address should be passed as a parameter when creating the payment request). Return to the list of parameters see Standard Alipay Trading Service Interface (dedicated to anti-phishing sites). Pdf3.3.1. Alipay's return data also has a signature string (which takes the same signature as the payment request), and the data is first signed for verification in the payment notification file. In addition to verifying the signature, it is also necessary to submit the notify_id in the parameter to Alipay's Authentication Gateway payment Treasure System for the authenticity of this notification, notify the validation. Alipay system to determine whether the notification is sent itself, if it is in the string format returns True, otherwise return false, we verify the data returned by the server to verify the authenticity of the request, if all validated through then can make changes to order data, send a message to the user and so on. About the verification signature you can look at the source code in the notification file. The notify_id submitted to Alipay in the demo is submitted via post and gets the return data, code fragment:
The key here is the Fsockopen function, which we have contacted when sending e-mail, to open a socket connection through this function, similar to the previously learned fopen function that returns a file handle, which can then be used with file functions (Fgets (), FGETSS (), fputs (), Fclose () feof () and so on, the code uses the Fputs () () () function, writes the data to simulate the form to submit the data by post, and finally the fgets () function Gets the returned data to the array, and finally validates it, Specific reference source.
The above is the entire content of this article, I hope to help you learn, but also hope that we support the cloud habitat community.