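Merchant signing, signature verification, encryption and decryption test
Updated: 2026.04.08
Provides merchants with a way to test signing, signature verification, encryption and decryption. A merchant can sign and encrypt with either the platform certificate or the WeChat Pay public key.
(1) If the merchant uses the WeChat Pay public key, add a Wechatpay-Serial header to the HTTP request and pass the WeChat Pay public key ID: "Wechatpay-Serial: PUB_KEY_ID_xxxx"
(2) If the merchant uses the platform certificate, add a Wechatpay-Serial header to the HTTP request and pass the platform certificate serial number: "Wechatpay-Serial: xxxxxxxx"
Within a single call, however, the platform certificate and the WeChat Pay public key cannot be mixed, for example signing with the WeChat Pay public key and encrypting with the platform certificate.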
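Interface description
Supported merchants: [Ordinary service provider] [Platform merchant] [Institution (bank)] [Institution (payment institution)] [Channel partner] [Clearing institution]
Request method: [POST] /v3/security/echo
Request domain: [Primary domain] https://api.mch.weixin.qq.com Requests to this domain reach the nearest access point
[Backup domain] https://api2.mch.weixin.qq.com Requests to this domain reach an access point in a different region (see the guide)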
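Request parameters
Header (HTTP header parameters)
Authorization, required, string
See "Signature authentication" to generate the authentication information.
Accept, required, string
Set to application/json
Content-Type, required, string
Set to application/json
Wechatpay-Serial, required, string
[WeChat Pay public key ID] or [WeChat Pay platform certificate serial number]. Sensitive fields in the request parameters must be encrypted with the WeChat Pay public key (recommended); see the instructions for obtaining the WeChat Pay public key ID and the guide to encrypting sensitive information with the WeChat Pay public key. They can also be encrypted with the public key of the WeChat Pay platform certificate; see the instructions for obtaining the platform certificate serial number and the guide to encrypting sensitive information with the platform certificate.
body (request body parameters)
notify_url, optional, string
[Merchant callback URL] The address at which the developer receives the callback notification for a successful request. It must follow the notify_url usage notes. If this parameter is omitted, no callback notification is sent.
echo_message, required, string
[Echo message] The echo message field. This field does not need to be encrypted.
encrypted_echo_message, optional, string
[Test field encrypted with the platform certificate or the WeChat Pay public key] The field after encryption with the platform certificate or the WeChat Pay public key. For platform certificate encryption, see "How to encrypt sensitive fields with the platform certificate"; for WeChat Pay public key encryption, see "How to encrypt sensitive fields with the WeChat Pay public key".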
Request example
POST
```bash
curl -X POST \
  https://api.mch.weixin.qq.com/v3/security/echo \
  -H "Authorization: WECHATPAY2-SHA256-RSA2048 mchid=\"1900000001\",..." \
  -H "Accept: application/json" \
  -H "Wechatpay-Serial: 5157F09EFDC096DE15EBE81A47057A7232F1B8E1" \
  -H "Content-Type: application/json" \
  -d '{
    "notify_url" : "https://www.weixin.qq.com/v3/test",
    "echo_message" : "hello",
    "encrypted_echo_message" : "Fx9mh7K5sjqHxxQcgDVhnJ9QdS4nKfcUbuAOjMqetTOozwcJknYJK52SPZSYUCv2bqTTezwVzGPgZ52QL0rTA/ZU7jBY5vqmDj1knBbKIsmNjwtfL0fEAMf5gSzproHq+LBYIoCi91K5tyhp7kKSOxyOz4Hna6Up+IugfZNMbVMxkj7syUs2BOsJFPstvkNwHsJreR2y9cj5jSqtBaXuDK3X3sG1z/yt6mrE04MOEiO/INKdOUYtVfP1yBOazX/tSlXm6ndVswvjSm/61B1kjnNW9TZtPN6FhLqkvS9BVqnGxCYdhGoU2HYh/+pmuaHaO227Ur/D3u2bHux+NKa/qg=="
  }'
```
Java (must be used together with the WeChat Pay utility library WXPayUtility; see its reference)
```java
package com.java.demo;

import com.java.utils.WXPayUtility; // WeChat Pay utility library, see: https://pay.weixin.qq.com/doc/v3/partner/4014985777

import com.google.gson.annotations.SerializedName;
import com.google.gson.annotations.Expose;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Merchant signing, signature verification, encryption and decryption test
 */
public class ApiSecurityEcho {
  private static String HOST = "https://api.mch.weixin.qq.com";
  private static String METHOD = "POST";
  private static String PATH = "/v3/security/echo";

  public static void main(String[] args) {
    // TODO: prepare the parameters required for merchant development, see: https://pay.weixin.qq.com/doc/v3/partner/4013080340
    ApiSecurityEcho client = new ApiSecurityEcho(
      "19xxxxxxxx",                    // Merchant ID, the unique identifier generated by WeChat Pay and assigned to each merchant; to obtain it see https://pay.weixin.qq.com/doc/v3/partner/4013080340
      "1DDE55AD98Exxxxxxxxxx",         // Merchant API certificate serial number; to obtain it see https://pay.weixin.qq.com/doc/v3/partner/4013058924
      "/path/to/apiclient_key.pem",    // Path to the merchant API certificate private key file (local path)
      "PUB_KEY_ID_xxxxxxxxxxxxx",      // WeChat Pay public key ID; to obtain it see https://pay.weixin.qq.com/doc/v3/partner/4013038589
      "/path/to/wxp_pub.pem"           // Path to the WeChat Pay public key file (local path)
    );

    EchoRequest request = new EchoRequest();
    request.notifyUrl = "https://www.weixin.qq.com/v3/test";
    request.echoMessage = "hello";
    request.encryptedEchoMessage = client.encrypt("encrypted_echo_message");
    try {
      EchoResponse response = client.run(request);
      // TODO: request succeeded, continue with business logic
      System.out.println(response);
    } catch (WXPayUtility.ApiException e) {
      // TODO: request failed, handle according to the status code
      e.printStackTrace();
    }
  }

  public EchoResponse run(EchoRequest request) {
    String uri = PATH;
    String reqBody = WXPayUtility.toJson(request);

    Request.Builder reqBuilder = new Request.Builder().url(HOST + uri);
    reqBuilder.addHeader("Accept", "application/json");
    reqBuilder.addHeader("Wechatpay-Serial", wechatPayPublicKeyId);
    reqBuilder.addHeader("Authorization", WXPayUtility.buildAuthorization(mchid, certificateSerialNo,privateKey, METHOD, uri, reqBody));
    reqBuilder.addHeader("Content-Type", "application/json");
    RequestBody requestBody = RequestBody.create(MediaType.parse("application/json; charset=utf-8"), reqBody);
    reqBuilder.method(METHOD, requestBody);
    Request httpRequest = reqBuilder.build();

    // Send the HTTP request
    OkHttpClient client = new OkHttpClient.Builder().build();
    try (Response httpResponse = client.newCall(httpRequest).execute()) {
      String respBody = WXPayUtility.extractBody(httpResponse);
      if (httpResponse.code() >= 200 && httpResponse.code() < 300) {
        // 2XX success: verify the response signature
        WXPayUtility.validateResponse(this.wechatPayPublicKeyId, this.wechatPayPublicKey,
            httpResponse.headers(), respBody);

        // Build the return value from the HTTP response body
        return WXPayUtility.fromJson(respBody, EchoResponse.class);
      } else {
        throw new WXPayUtility.ApiException(httpResponse.code(), respBody, httpResponse.headers());
      }
    } catch (IOException e) {
      throw new UncheckedIOException("Sending request to " + uri + " failed.", e);
    }
  }

  private final String mchid;
  private final String certificateSerialNo;
  private final PrivateKey privateKey;
  private final String wechatPayPublicKeyId;
  private final PublicKey wechatPayPublicKey;

  public ApiSecurityEcho(String mchid, String certificateSerialNo, String privateKeyFilePath, String wechatPayPublicKeyId, String wechatPayPublicKeyFilePath) {
    this.mchid = mchid;
    this.certificateSerialNo = certificateSerialNo;
    this.privateKey = WXPayUtility.loadPrivateKeyFromPath(privateKeyFilePath);
    this.wechatPayPublicKeyId = wechatPayPublicKeyId;
    this.wechatPayPublicKey = WXPayUtility.loadPublicKeyFromPath(wechatPayPublicKeyFilePath);
  }

  public String encrypt(String plainText) {
    return WXPayUtility.encrypt(this.wechatPayPublicKey, plainText);
  }

  public static class EchoRequest {
    @SerializedName("notify_url")
    public String notifyUrl;

    @SerializedName("echo_message")
    public String echoMessage;

    @SerializedName("encrypted_echo_message")
    public String encryptedEchoMessage;
  }

  public static class EchoResponse {
    @SerializedName("echo_message")
    public String echoMessage;

    @SerializedName("encrypted_echo_message")
    public String encryptedEchoMessage;
  }

}
```
Go (must be used together with the WeChat Pay utility library wxpay_utility; see its reference)
```go
package main

import (
	"bytes"
	"demo/wxpay_utility" // WeChat Pay utility library, see https://pay.weixin.qq.com/doc/v3/partner/4015119446
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

func main() {
	// TODO: prepare the parameters required for merchant development, see: https://pay.weixin.qq.com/doc/v3/partner/4013080340
	config, err := wxpay_utility.CreateMchConfig(
		"19xxxxxxxx",                 // Merchant ID, the unique identifier generated by WeChat Pay and assigned to each merchant; to obtain it see https://pay.weixin.qq.com/doc/v3/partner/4013080340
		"1DDE55AD98Exxxxxxxxxx",      // Merchant API certificate serial number; to obtain it see https://pay.weixin.qq.com/doc/v3/partner/4013058924
		"/path/to/apiclient_key.pem", // Path to the merchant API certificate private key file (local path)
		"PUB_KEY_ID_xxxxxxxxxxxxx",   // WeChat Pay public key ID; to obtain it see https://pay.weixin.qq.com/doc/v3/partner/4013038589
		"/path/to/wxp_pub.pem",       // Path to the WeChat Pay public key file (local path)
	)
	if err != nil {
		fmt.Println(err)
		return
	}

	request := &EchoRequest{
		NotifyUrl:            wxpay_utility.String("https://www.weixin.qq.com/v3/test"),
		EchoMessage:          wxpay_utility.String("hello"),
		EncryptedEchoMessage: wxpay_utility.String("Fx9mh7K5sjqHxxQcgDVhnJ9QdS4nKfcUbuAOjMqetTOozwcJknYJK52SPZSYUCv2bqTTezwVzGPgZ52QL0rTA/ZU7jBY5vqmDj1knBbKIsmNjwtfL0fEAMf5gSzproHq+LBYIoCi91K5tyhp7kKSOxyOz4Hna6Up+IugfZNMbVMxkj7syUs2BOsJFPstvkNwHsJreR2y9cj5jSqtBaXuDK3X3sG1z/yt6mrE04MOEiO/INKdOUYtVfP1yBOazX/tSlXm6ndVswvjSm/61B1kjnNW9TZtPN6FhLqkvS9BVqnGxCYdhGoU2HYh/+pmuaHaO227Ur/D3u2bHux+NKa/qg=="), /* pass in the result of wxpay_utility.EncryptOAEPWithPublicKey */
	}

	response, err := ApiSecurityEcho(config, request)
	if err != nil {
		fmt.Printf("请求失败: %+v\n", err)
		// TODO: request failed, handle according to the status code
		return
	}

	// TODO: request succeeded, continue with business logic
	fmt.Printf("请求成功: %+v\n", response)
}

func ApiSecurityEcho(config *wxpay_utility.MchConfig, request *EchoRequest) (response *EchoResponse, err error) {
	const (
		host   = "https://api.mch.weixin.qq.com"
		method = "POST"
		path   = "/v3/security/echo"
	)

	reqUrl, err := url.Parse(fmt.Sprintf("%s%s", host, path))
	if err != nil {
		return nil, err
	}
	reqBody, err := json.Marshal(request)
	if err != nil {
		return nil, err
	}
	httpRequest, err := http.NewRequest(method, reqUrl.String(), bytes.NewReader(reqBody))
	if err != nil {
		return nil, err
	}
	httpRequest.Header.Set("Accept", "application/json")
	httpRequest.Header.Set("Wechatpay-Serial", config.WechatPayPublicKeyId())
	httpRequest.Header.Set("Content-Type", "application/json")
	authorization, err := wxpay_utility.BuildAuthorization(config.MchId(), config.CertificateSerialNo(), config.PrivateKey(), method, reqUrl.RequestURI(), reqBody)
	if err != nil {
		return nil, err
	}
	httpRequest.Header.Set("Authorization", authorization)

	client := &http.Client{}
	httpResponse, err := client.Do(httpRequest)
	if err != nil {
		return nil, err
	}
	respBody, err := wxpay_utility.ExtractResponseBody(httpResponse)
	if err != nil {
		return nil, err
	}
	if httpResponse.StatusCode >= 200 && httpResponse.StatusCode < 300 {
		// 2XX success: verify the response signature
		err = wxpay_utility.ValidateResponse(
			config.WechatPayPublicKeyId(),
			config.WechatPayPublicKey(),
			&httpResponse.Header,
			respBody,
		)
		if err != nil {
			return nil, err
		}
		response := &EchoResponse{}
		if err := json.Unmarshal(respBody, response); err != nil {
			return nil, err
		}

		return response, nil
	} else {
		return nil, wxpay_utility.NewApiException(
			httpResponse.StatusCode,
			httpResponse.Header,
			respBody,
		)
	}
}

type EchoRequest struct {
	NotifyUrl            *string `json:"notify_url,omitempty"`
	EchoMessage          *string `json:"echo_message,omitempty"`
	EncryptedEchoMessage *string `json:"encrypted_echo_message,omitempty"`
}

type EchoResponse struct {
	EchoMessage          *string `json:"echo_message,omitempty"`
	EncryptedEchoMessage *string `json:"encrypted_echo_message,omitempty"`
}
```
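Response parameters
200 OK
echo_message, required, string
[Echo message] The echo message field. This field does not need to be encrypted. Its content matches the echo_message of the request.
encrypted_echo_message, optional, string
[Echo message encrypted with the merchant certificate] The echo message field, returned only if the request carried encrypted_echo_message. Decrypt it with the merchant certificate private key; see "How to decrypt sensitive fields with the API certificate". After decryption the content matches the encrypted_echo_message of the request.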
Response example
200 OK
```json
{
  "echo_message" : "hello",
  "encrypted_echo_message" : "KYEch8YvVgsfWkl+rZRBkBOxm5k5gh2D4NcOqhCAjbBnb3gqKmZrcNzT7rt0PBL0U8Ix5Pl+BvzbfZobHPtq7+p91fNOy8e/uE1RnGuUj6jl7Ga6RLk3fXvAqAGnvRvCkWqSHnGySGCOze0abIuKOP4b2zZBsXUJT+SRO+Ah9dDabr+quRKDBVqnLUXij1GJlIB0s1+r2oI4pSk7dF7bmGLrjGB6dNyaYjJBs888W8IlMR4wpzoShaCXkhq4o4JwPERY2p1l97NtnzN69ggA9yI4JUdRuzeNc26hKSvPLBds6FKs6BTEu1ZAbj6Vw9QDNvugXNyjKjQwXe4Ddj3E0g=="
}
```
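The key directions of the echo described above, as an added offline example that is not code from WeChat Pay or its wxpay_utility library: the request field is encrypted to WeChat Pay's public key, and the response field is encrypted to the merchant certificate and opened with the merchant private key. Assumptions: RSA-OAEP with SHA-1 as the padding, two locally generated key pairs standing in for the real keys, and hypothetical function names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
)

// encryptField applies RSA-OAEP (SHA-1 is an assumption of this example) and
// returns base64 text, the form carried in encrypted_echo_message.
func encryptField(pub *rsa.PublicKey, plain string) (string, error) {
	ct, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, []byte(plain), nil)
	return base64.StdEncoding.EncodeToString(ct), err
}

// decryptField reverses encryptField with the matching private key.
func decryptField(priv *rsa.PrivateKey, field string) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(field)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, ct, nil)
	return string(pt), err
}

// must aborts the demo on any error; acceptable only because all inputs are constructed.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// demo plays both sides of the echo offline and returns the request field, the response
// field, the recovered plaintext, and whether the wrong private key was rejected.
func demo(plain string) (req, resp, echoed string, wrongKeyRejected bool) {
	wxp := must(rsa.GenerateKey(rand.Reader, 2048)) // constructed stand-in for WeChat Pay's key pair
	mch := must(rsa.GenerateKey(rand.Reader, 2048)) // constructed stand-in for the merchant API certificate key pair
	req = must(encryptField(&wxp.PublicKey, plain)) // merchant: encrypt to WeChat Pay's public key
	seen := must(decryptField(wxp, req))            // WeChat Pay: recover the plaintext
	resp = must(encryptField(&mch.PublicKey, seen)) // WeChat Pay: encrypt to the merchant's public key
	echoed = must(decryptField(mch, resp))          // merchant: decrypt with its own private key
	_, err := decryptField(wxp, resp)               // wrong key for the response field
	return req, resp, echoed, err != nil
}

func main() { fmt.Println(demo("hello")) }
```

Because OAEP is randomized and the two directions use different keys, a test should compare the decrypted response value with the plaintext that was sent, never the two ciphertexts.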
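Error codes
The following is the list of error codes returned by this interface. For the detailed error code rules, see "WeChat Pay interface rules: error codes and error messages".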

