Introduction
Access Process
Preparation
The access party can contact the Cashy business operation team. After the merchant completes this process, the Cashy technical team will open a sandbox environment account and permissions for you to integrate.
If you have any questions about Cashy's products, or you want to know more about Cashy's products, please contact our business operations
TIP
If you click on the icon to not bring up the mail client, please contact this mail address lauren@cashypro.com
Technical docking
After you get the sandbox environment account and merchant key, you can develop by yourself based on the API documentation, and the Cashy technical team will assist you to complete the integration.
Production release
After the sandbox docking is completed, you can apply to us to open a production environment account, and the Cashy technical team will open the production environment account and permissions for you.
API签名规范
API Signature Specification
Note that this specification applies to API access in all countries.
Request Method
All API interfaces of Cashy are POST requests.
Request Header
| Parameter | Required | Type | Description |
|---|---|---|---|
Content-Type | Y | string | application/json |
MerchantId | Y | int | MerchantId, generated by Cashy and provided to you |
Sign | Y | string | Request signature, see below for signature mechanism |
Response Body
{
"code": 200,
"msg": "SUCCESS",
"data": {}
}| Parameter | Type | Description |
|---|---|---|
| code | int | Response code, 200 is successful |
| msg | string | Response message |
| data | object | Response data |
TIP
Note that when the code is 200, the request is successful. Other cases are request failures. pls refer to the msg field for specific failure reasons (can be found in the appendix of each country document).
Signature Mechanism
To ensure transaction security and API call security, Cashy will perform signature verification on all interface requests, and you need to sign all requests for Cashy to confirm your identity.
Before accessing, Cashy will assign the MerchantId and merchant apiKey of the merchant sandbox environment to the merchant. The merchant apiKey is used for signature, and the MerchantId is used to identify the merchant's identity.
TIP
- When merchants request Cashy's API interface, they should pass the merchant ID through the request header
MerchantIdfield. - When merchants request Cashy's API interface, they should use the MD5 digest algorithm to sign the request, and the signature is passed through the Sign field of the request header.
Merchants can follow the steps below to generate a request signature.
- Splice the request package body and merchant apiKey.
content=request package body+apiKey - Calculate the signature through the Md5 digest algorithm.
signature=MD5(content) - Pass the signature through the Sign field of the request header.
Asynchronous callback signature verification
When Cashy sends you an asynchronous callback notification, it will sign the callback request according to the above mechanism. After you receive the asynchronous callback notification, you need to verify the callback request to confirm that the callback request is indeed from Cashy.
- Calculate the signature According to the signature mechanism, get the complete package body of the Cashy asynchronous callback notification and your merchant key spliced, calculate the MD5, and get the signature value.
- Verify the signature Compare the signature value of the
Signfield in the Cashy asynchronous callback request header with the signature value you calculated. If they are the same, the signature verification is passed, otherwise the signature verification fails.
DANGER
We strongly recommend that you: When processing asynchronous callback notifications from Cashy, you must verify the signature, which can maximize the security of your funds.
Signature/Verification Code Example
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class DocsMerchantSignUtils {
public static void main(String[] args) {
String merchantId = "112345678";
String apiKey = "K-xxxxxxxxxx";
String httpRequestBody = "{\"orderNumber\":\"P123456\"}";
// Sign
String sign = DocsMerchantSignUtils.sign(httpRequestBody, apiKey);
System.out.println(sign);
// Verify Sign
System.out.println(DocsMerchantSignUtils.verifySign(sign, httpRequestBody, apiKey));
}
/**
* @param content content
* @param secretKey secretKey
* @return String sign
*/
public static String sign(String content, String secretKey) {
String signStr = content + secretKey;
MessageDigest md = null;
try {
md = MessageDigest.getInstance("MD5");
md.update(signStr.getBytes());
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
return byte2HexString(md.digest());
}
/**
* @param sign sign
* @param content content
* @param secretKey secretKey
* @return verify result
*/
public static boolean verifySign(String sign, String content, String secretKey) {
return sign.equalsIgnoreCase(sign(content, secretKey));
}
/**
* @param data data
* @return String
*/
private static String byte2HexString(byte[] data) {
final char[] alphabets = "0123456789ABCDEF".toCharArray();
int len = data.length;
char[] res = new char[len << 1];
int i = 0;
for (int j = 0; i < len; ++i) {
res[j++] = alphabets[(240 & data[i]) >>> 4];
res[j++] = alphabets[15 & data[i]];
}
return new String(res);
}
}package main
import (
"crypto/md5"
"fmt"
)
func Md5UtilsHash(bodyJson, apiKey string) string {
data := []byte(bodyJson + apiKey)
has := md5.Sum(data)
md5str1 := fmt.Sprintf("%x", has) //Convert []byte to decimal
return md5str1
}
func main() {
body := "{\"test\":\"test\"}"
apiKey := "Your merchant key"
sign := Md5UtilsHash(body, apiKey)
fmt.Println(sign)
}<?php
function md5UtilsHash($bodyJson, $apiKey) {
$data = $bodyJson . $apiKey;
$md5str1 = md5($data);
return $md5str1;
}
$body = "{\"test\":\"test\"}"; // RequestBody
$apiKey = 'K-xxxxxxx'; // ApiKey
$sign = md5UtilsHash($body, $apiKey);
echo $sign;import hashlib
def md5_utils_hash(body_json, api_key):
data = body_json + api_key
md5_hash = hashlib.md5(data.encode()).hexdigest()
return md5_hash
body = "{\"test\":\"test\"}" # RequestBody
api_key = 'K-xxxxxxx' # ApiKey
sign = md5_utils_hash(body, api_key)
print(sign)List of supported countries
| Country | Document address |
|---|---|
| Columbia | document address |
| Brazil | document address |
| Mexico | document address |
| Chile | document address |
| Peru | document address |
| Indonesia | document address |
| Vietnam | document address |
| Tanzania | document address |