Login expired. Please log in again.

Feedback

0/300

Feedback

Submitted successfully

ok

Feedback

Network exception, please try again later

ok

Private Key and Certificate

Introduces how to obtain and use merchant API private keys, certificates and WeChat Pay platform certificates.

1. Merchant API Certificate

Merchants must apply for API certificates. These certificates contain the merchant's merchant ID, company name, and public key information.

WeChat Pay API V3 only supports the certificate issued by the Certificate Authority (CA). A merchant can obtain the API certificate by downloading the certificate tool to generate the certificate request string and submitting the request string to the Merchant Platform. The private key file can only be exported with the certificate tool. Keep your private key file secure and confidential. Never put it on any publicly-accessible location, for example, uploading it to Github, or writing it in the client-side code.

Notice
The certificate upgrade will not affect existing services.
Certificates issued by WeChat Pay will expire 14 days after the upgrade. Please replace the existing certificate on the server with the new one as soon as possible.

2. Merchant API Private Key

When a merchant applies for a merchant API certificate, the merchant private key will be generated and saved in the apiclient_key.pem ile in the local certificate folder. The tool can be used to export private keys from merchants' p12 certificates. Please take good care of your merchant private key file.

Notice
Do not expose private key files in public places, such as uploading to Github and writing in client code.

3. Platform Certificate

The WeChat Pay platform certificate is applied for by WeChat Pay and contains the identifier of the WeChat Pay platform and public key information. Merchants can use the public key in the platform certificate to verify signatures.

You can call " Obtain the platform certificate interface" to obtain the WeChat Pay platform certificate.

Notice
Different merchants have varying WeChat Pay platform certificates.
Notice
Platform certificates will be replaced periodically. Merchants should periodically download new certificates via the API.

4. Declaring the Certificate Used

In some cases (such as a private key leakage), the certificate needs to be updated. To ensure the certificate replacement does not affect the use of APIs, the request and response must include the certificate serial number to declare the certificate used for signature or encryption.

• A merchant signature uses the merchant's private key, and the certificate serial number is included in serial_no in Authorization in the HTTP header of the request.

• A WeChat Pay signature uses the WeChat Pay Platform private key, and the certificate serial number is included in Wechatpay-Serial in the HTTP header of the response.

• The sensitive information uploaded by a merchant is encrypted with the WeChat Pay Platform public key, and the certificate serial number is included in Wechatpay-Serial in the HTTP header of the request.

    Page Navigation

About  WeChat  Pay

Powered By Tencent & Tenpay Copyright©

2005-2024 Tenpay All Rights Reserved.

Contact Us
Wechat Pay Global

WeChat Pay Global

置顶