🔐 Signature

HaloPay API authenticates your requests by AppId and AppKey. Log in to your HaloPay account, go to AppManage page, you can find your AppId and AppKey on this page.

💡

AppId and AppKey carries many privileges, so be sure to keep it secure. Please do not share your developer information in publicly accessible areas such as GitHub, client code, etc.

📖 Signature Guide

Name	Type	Description
X-Sign	string	Signature
X-Timestamp	int	Timestamp（sec）
X-Appid	string	Merchant APPID
content-type	string	application/json

Signature Algorithm

// sign (golang)
func hmacSHA256Sign(appKey, timestamp string, body interface{}) (string, error) {
   jsonStr, err := json.Marshal(body)
   if err != nil {
      return  "", err
   }
   sha256Mac := hmac.New(sha256.New, []byte(appKey))
   _, err = sha256Mac.Write(append(jsonStr, []byte(timestamp)...))
   if err != nil {
      return "", err
   }
   return hex.EncodeToString(sha256Mac.Sum(nil)), nil
}

// sign (Java)
public static String sign(String appKey, long timestamp, String body) {
    String input = body + timestamp;
    
    Mac mac = Mac.getInstance("HmacSHA256");
    SecretKey secretKey = new SecretKeySpec(
        appKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256"
    );
    mac.init(secretKey);
    
    byte[] hash = mac.doFinal(input.getBytes(StandardCharsets.UTF_8));
    
    // bytes to hex
    StringBuilder sb = new StringBuilder();
    for (byte b : hash) {
        sb.append(String.format("%02x", b));
    }
    return sb.toString();
}

📖 Signature Guide​

Header​

Signature Algorithm​

📖 Signature Guide

Header

Signature Algorithm