Constructing the Signature String

The signature string consists of 5 lines, each ending with \n (ASCII 0x0A), except the last line.

Important rules:

One element per line

If a field is empty, the line must still exist (keep \n)

Structure must remain unchanged

Standard Structure ↓

Request path\n
Request timestamp(timestamp)\n
Request a random string (nonce)\n
Merchant ID\n
Request message body

Without Request Body ↓

Request path\n
Request timestamp(timestamp)\n
Request a random string (nonce)\n
Merchant number

Without Merchant ID ↓
(Still keep empty line)

Request path\n
Request timestamp(timestamp)\n
Request a random string (nonce)\n
\n
Request message body

Note:

Always maintain line structure consistency

Even if a value is empty, the newline must remain

Exception: last line does not end with \n

File upload APIs use a different body structure (see file upload section)

Example
TBD

Signature Calculation

Use SHA256withRSA to sign the signature string

Use the client private key

Encode the signature result with Base64

It is strongly recommended to use built-in cryptographic libraries

HTTP Headers

When the requested content belongs to the merchant, the X-Merch-Id request header needs to be set, and the content is the merchant number assigned by Paykka Cross-border Collection Open Platform (generation method)

The request passes the signature through the HTTP Authorization header, whose content is a URLEncode JSON object, containing the following fields:

key	format	description
sign_type	String	Signature algorithm (SHA256_WITH_RSA)
timestamp	String	Millisecond timestamp (Unix Epoch)
nonce	String(6-32)	Random string for replay protection
key_id	String	Platform-issued key ID
signature	String	Signature value

Signature Generation & Verification

Constructing the Signature String#

Signature Calculation#

HTTP Headers#

Constructing the Signature String

Signature Calculation

HTTP Headers