Private Key and Certificate
Introduces how to obtain and use merchant API private keys, certificates and WeChat Pay platform certificates.
Introduces how to obtain and use merchant API private keys, certificates and WeChat Pay platform certificates.
Merchants must apply for API certificates. These certificates contain the merchant's merchant ID, company name, and public key information.
WeChat Pay API V3 only supports the certificate issued by the Certificate Authority (CA). A merchant can obtain the API certificate by downloading the certificate tool to generate the certificate request string and submitting the request string to the Merchant Platform. The private key file can only be exported with the certificate tool. Keep your private key file secure and confidential. Never put it on any publicly-accessible location, for example, uploading it to Github, or writing it in the client-side code.
When a merchant applies for a merchant API certificate, the merchant private key will be generated and saved in the apiclient_key.pem
ile in the local certificate folder. The tool can be used to export private keys from merchants' p12 certificates. Please take good care of your merchant private key file.
The WeChat Pay platform certificate is applied for by WeChat Pay and contains the identifier of the WeChat Pay platform and public key information. Merchants can use the public key in the platform certificate to verify signatures.
You can call " Obtain the platform certificate interface" to obtain the WeChat Pay platform certificate.
In some cases (such as a private key leakage), the certificate needs to be updated. To ensure the certificate replacement does not affect the use of APIs, the request and response must include the certificate serial number to declare the certificate used for signature or encryption.
• A merchant signature uses the merchant's private key, and the certificate serial number is included in serial_no
in Authorization
in the HTTP header of the request.
• A WeChat Pay signature uses the WeChat Pay Platform private key, and the certificate serial number is included in Wechatpay-Serial
in the HTTP header of the response.
• The sensitive information uploaded by a merchant is encrypted with the WeChat Pay Platform public key, and the certificate serial number is included in Wechatpay-Serial
in the HTTP header of the request.
Customer Service Tel
Business Development
9:00-18:00
Monday-Friday GMT+8
Technical Support
WeChat Pay Global
ICP证