The main interaction between the merchant system and the WeChat Pay system:
Step 1: The user completes the order at the merchant side and uses WeChat Pay to make the payment.
Step 2: The merchant backend initiates an order request to WeChat Pay (Calling the H5 payment order API.) Note: transaction type trade_type=MWEB
Step 3: The H5 payment order API returns payment-related parameters to the merchant backend, such as the payment redirect URL (parameter name "mweb_url"). The merchant calls the WeChat Pay middle page through mweb_url.
Step 4: The middle page performs H5 permission verification and security check (see below for common errors here).
Step 5: If the payment succeeds, the merchant's backend will receive an asynchronous notification from WeChat.
Step 6: The user completes the payment or cancels the payment at the WeChat Pay cashier, and returns to the merchant page (the default is set to the payment initiation page).
Step 7: On the display page, the merchant guides the user to initiate a query of the payment result.
Step 8\9: The merchant's backend checks whether it has received the payment result notification from WeChat. If not, the backend calls the order query API to confirm the order status.
Step 10: The user is notified of the final order payment result.
HH5 Payment requires merchants to upload the user’s real IP address "payer_client_ip" in the unified ordering API. The following guides for obtaining the user’s IP are provided to ensure that the user’s IP address obtained by WeChat is consistent with that obtained by the merchant.
The way to obtain the IP is relatively simple when the front-end access layer of the merchant. Get 'REMOTE_ADDR' directly.
In the case of an agent, as the client needs to be replaced to access the server, when the request packet passes through the reverse agent, the IP header of the IP packet is modified in the agent server, and the source IP address of the packet header obtained by the back-end web server is the IP address of the agent server. Therefore, the backend server program cannot obtain the user's real IP.
When nginx has an agent:
Add the following to the configuration in nginx:
vi /usr/local/apache/conf/httpd.conf
Include conf/extra/httpd-remoteip.conf
vi /usr/local/apache/conf/extra/httpd-remoteip.conf
LoadModule remoteip_module modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPinternalProxy 127.0.0.1
When Apache has an agent:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Code example
string GetClientIp(CgiInput * poInput) {
string client_ip = "";
string strClientIPList;
GetHttpHeader("X-Forwarded-For", strClientIPList);
if (strClientIPList.empty()) {
GetHttpHeader("X-Real-IP", strClientIPList);
}
if (!strClientIPList.empty()) {
size_t iPos = strClientIPList.find( "," );
if ( iPos != std::string::npos ) {
client_ip = strClientIPList.substr( iPos );
}
else {
client_ip = strClientIPList;
}
}
if (client_ip.empty()) {
GetHttpHeader("PROXY_FORWARDED_FOR", strClientIPList);
//Perform compatibility
if (strClientIPList.empty()) {
client_ip = getRemoteAddr();
}
else {
size_t iPos = strClientIPList.find( "," );
if ( iPos != std::string::npos ) {
client_ip = strClientIPList.substr( iPos );
}
else {
client_ip = strClientIPList;
}
}
}
if (!MMPayCommFunc::IsIp(client_ip))
client_ip = getRemoteAddr();
return client_ip;
}
In the normal process, the user will return to the page where the payment is initiated after completing the payment. If the user needs to return to the specified page, you can splice the redirect_url parameter after MWEB_URL to specify the callback page.
For example, if you want to redirect users to https://www.wechatpay.com.cn after the payment is completed, you can do the following:
Suppose you get MWEB_URL= https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=wx20161110163838f231619da20804912345&package=1037687096 through the unified order API,
the spliced address should be MWEB_URL= https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=wx20161110163838f231619da20804912345&package=1037687096&redirect_url=https%3A%2F%2Fwww.wechatpay.com.cn.
1. Urlencode processing for redirect_url is required.
2. After the redirect_url is set, the user may return to the specified page when: 1. more than 5 seconds after the WeChat Pay middle page calls the WeChat cashier; 2. the user taps Cancel Payment or taps Finish after the payment is completed. There is no guarantee that the payment process has ended when the user returns to the specified page. Therefore, the redirect_url address set by the merchant cannot automatically perform the order check operation. The user needs to tap the button to trigger the order check operation. See the figure below for the display effect of returning to the specified page.
Problem | Problem Description | Solution |
---|---|---|
The network environment fails to pass the security verification. Please try again later. | 1. The terminal IP (spbill_create_ip) of the unified order transmission on the merchant side is inconsistent with the terminal IP detected on WeChat when the user actually transfers the payment. This problem generally occurs when the merchant fails to transmit the correct terminal IP to spbill_create_ip while placing an order. Please refer toGuide for Obtaining Client IPfor details. 2. The network is changed when the unified order is placed and the payment is transferred. For example, the unified order is placed in the Wi-Fi network, after the order is successfully placed, the network is switched to 4G to transfer the payment. In such a case, the normal interception will be triggered and the user needs to re-initiate the payment process in the same network environment. |
|
The merchant parameter format is incorrect. Please contact the merchant. | 1. The current referrer for H5 payment is empty. This problem generally occurs when the user directly accesses the page to initiate H5 Payment. Please follow the normal process to initiate the payment after being redirected, or capture the packet to check whether the referrer value is empty
2. If H5 Payment is initiated in the app, you need to manually set the referrer in the webview, such as (Map extraHeaders = new HashMap(); |
|
The merchant has unconfigured parameters. Please contact the merchant. | 1. The domain currently calling H5 Payment (obtained from the referrer WeChat) is inconsistent with the authorized domain submitted when you apply for H5 Payment. If you need to add or modify the authorized domain, please log in to the merchant platform corresponding to the merchant account in Product Center > Development Configuration to configure the authorized domain. 2. If the redirect_url is set, check whether the domain of the redirect URL is the same as the authorized domain submitted when you apply for H5 Payment. |
|
Payment request has expired. Please re-initiate payment. | After the MWEB_URL returned by the unified order is generated, it will remain valid for 5 minutes. If it expires, regenerate the MWEB_URL and initiate the payment. | |
Open the order outside WeChat to make payment. | H5 Payment cannot be called directly in WeChat. Instead, call it in a third-party browser. | |
iOS: Signature verification failed Android: System is busy, please try again later |
1. Make sure that the same MWEB_URL is only called by one WeChat account. If it is called by another WeChat account, please place an order again to generate a new MWEB_URL.
2. If redirect_url is added to MWEB_URL, check whether the parameter splicing format is wrong, whether urlencode is performed on the value of redirect_url. See the following example format: https://wx.tenpay.com/cgi-bin/mmpayweb-bin/checkmweb?prepay_id=wx20161110163838f23161 |
Customer Service Tel
Business Development
9:00-18:00
Monday-Friday GMT+8
Technical Support
WeChat Pay Global
ICP证