Signature
WeChat Pay API V3 ensures the authenticity of the request and the integrity of the data by verifying the signature.
WeChat Pay API V3 ensures the authenticity of the request and the integrity of the data by verifying the signature.
Merchants need to use their own private keys to sign the combination of key data such as API URL and message body with SHA-256 with RSA. The requested signature is passed through the HTTP header Authorization
. For details, please see Signature Generation Guide. Requests without signatures or with unverified signatures will not be processed, and the message 401 Unauthorized
will be returned.
After the signature of a request is verified, WeChat Pay API V3 will use the platform private key of WeChat Pay to sign the response. The signature information is contained in the HTTP header. Please refer to Signature Verification Guide.
Please use the public key of WeChat Pay to verify the signature, which is included in the WeChat Pay platform certificate
Please verify the signature in the response
A successful response without a signature (HTTP status code is 2xx) should be considered forged or tampered.
When the merchant's API is called, WeChat Pay will use the platform private key of WeChat Pay to sign the callback request. The signature method is the same as the response signature method. The merchant must use the WeChat Pay public key to verify the signature of the callback.
Customer Service Tel
Business Development
9:00-18:00
Monday-Friday GMT+8
Technical Support
WeChat Pay Global
ICP证