If success, http statusCode it must be 200
- statusCode is the http status of response to your request . If success,it must be 200. If you do not return a status code value of 200, we will retry the response to your webhook address.
Next, we will introduce the process and methods of encryption and decryption.
Encryption and Decryption technology solution
The encryption and decryption technical solution is implemented based on the AES encryption and decryption algorithm, as follows:- clientSecret: This is the message encryption and decryption Key. The length is fixed at 24 characters. ClientSecret is used as the encryption key.
- AES adopts CBC mode, the secret key length is 24 bytes (192 bits), and the data is filled with PKCS#7; PKCS#7: K is the number of bytes of the secret key (24 is used), Buf is the content to be encrypted, N is its number of bytes. Buf needs to be filled to an integer multiple of K. Fill (K - N%K) bytes at the end of Buf, and the content of each byte is (K - N%K).
- The IV length of AES is 16 bytes, and clientId is used as the IV.
- dataEncrypt = AES_Encrypt( data, clientId, clientSecret ) Among them, data is the body content we need to transmit, clientId is the initial vector, and clientSecret is the encryption key.
Message body verification and decryption
The developer first verifies the correctness of the message body signature, and then decrypts the message body after passing the verification.
Ways of identifying:
- The developer calculates the signature,compareSignature=sha1(sort(clientId、timestamp、nonce, dataEncrypt))
- Compare compareSignature and the signature in the body to see if they are equal. If they are equal, the verification is passed.
- data = AES_Decrypt(dataEncrypt, clientSecret);
- To use nodejs or python or java for encryption.
- Assume that our webhookUrl has obtained the corresponding data, such as the following corresponding data
- To verify the correctness of the signature and decrypt the content, clientId and clientSecret are required.