Headers
Request Headers
| Field | Data type | Explanation | Effect |
|---|---|---|---|
| X-UPA-APIKEY | String | Request for API Key | Identify and differentiate white-label users |
| X-UPA-REQUESTID | String | Request for a unique code | Request idempotence |
| X-UPA-TIMESTAMP | String | Timestamp in milliseconds | Request time, if not responded within 60 seconds, timeout and do not respond to this request. Prevent replay attacks. |
| X-UPA-SIGN | String | Signature | Signature, to verify the authenticity and correctness of the requestor. |
Response Header
| Field | Data type | Explanation |
|---|---|---|
| X-UPA-REQUESTID | String | Request a unique code identical to the request ID to ensure consistency in the response. |
| X-UPA-TIMESTAMP | String | Response timestamp, timestamp, milliseconds |
REQUESTID
REQUESTID is a unique request ID for each request and response, and its main functions are as follows:
- Ensures the uniqueness of the request, enabling idempotent processing of the request.
- Enables a unique request query.
- Ensures consistency between the response and the request, which is beneficial for adjusting your architecture.
APIKEY
The APIKEY is the unique request key assigned by UPay, and possession of this key is required to obtain the calling permission.
SIGN
Verify the uniqueness of the request value.
Data Encryption
Some interfaces require that the request parameters and response content be encrypted using a private key through JSON Web Encryption (JWE). For specific interfaces, please refer toAPI List
Request
- The white-label user encrypts the request parameters (excluding those in the Header) using the private key generated by the white-label user. The request format is as follows:
{
"payload":"Encryption data"
}
- UPay receives the request parameters, decrypts them using the public key set by the white-label user in the white-label backend, and retrieves the specific parameter data.
Response
- UPay uses a private key to encrypt the response data with JSON Web Encryption (JWE), and the response format might look like this:
{
"payload":"Encryption data"
}
- The white-label user receives the response data, decrypts it using the public key provided by UPay (the public key can be obtained from the white-label backend), and retrieves the specific response data
Other request information
Please refer to the specific interface details