Shulou(Shulou.com)06/03 Report--

This article mainly introduces the example analysis of Wechat official account payment development, which has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to know about it.

Business proc

The Wechat official website is still very detailed, with pictures. I'm going to say it again.

The user clicks a payment button-- > {A lot of processing in the background}-- > the user sees an interface for entering a password, including some information such as the amount of money-- > the user enters the password and comes up with a page on which the payment is successful (this part of the process is done by Wechat itself, and we don't have to do anything)-- > return to the system's own page (you can't let the user keep looking at a page where the payment is completed. Spent money, is distressed, quickly jump ah ~ later regret, how to apply for a refund. The poor engineer still has to develop a refund function)

Development process

1) get user authorization (it doesn't matter whether you do it or not, anyway, I haven't done it yet)

2) call Unified order issuing API to obtain prepaid id

3) H5 adjusts WeChat Pay's built-in JS

4) after the payment is completed, Wechat calls back the processing of URL

Looking at a large piece of text, is not very uncomfortable. I forgot where I saw a sentence. One picture instead thousands of words. The red part of the picture is what we need to do. There doesn't seem to be much.

The main part of this article begins (want to look at the code directly, paste the code, you may not be able to understand, not that the code is difficult, all kinds of separation, all kinds, not directly. If I understand, I may not be able to debug it. The last signature error, or $get_brand_wcpay_request:fail.$key0 still has to come back obediently to the parameters.) I have been a little stunned in learning English recently. All kinds of parenthesis. If you don't know anything, you can skip it. My friends always say that my jokes are different from others. I will tell a joke after the article.

1. Generate a unified order-issuing API to obtain prepay_id.

Required parameters = = name = = where to find them:

Wechat officials gave a detailed description of the parameters. Https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=9_1 part of the parameters, still do not know where to find friends, please continue to look down

Appid = = apply ID== to log in to Wechat official account backend-Development-basic configuration

Mch_id = = WeChat Pay merchant number = = log in to WeChat Pay backstage, you can see

Device_info== device number = = terminal equipment number (store number or cashier device ID). Note: for payment on PC web page or official account, please send "WEB"

Body== product description = = brief description of the product or payment bill (I don't know what it is, it doesn't matter, just pass a string, casually pass a string in English. You will get a full mark for your wise decision at this time. If you are in Chinese, you may encounter clueless signature mistakes, and serious people begin to doubt life.

The value of trade_type== transaction type = = is as follows: JSAPI,NATIVE,APP. The JSAPI we use here. The title has already said that it is paid by the official account of Wechat.

Ps:JSAPI-- official account payment, NATIVE-- native code scan payment, and APP--app payment. For more information on the unified API for issuing orders, please see here. MICROPAY-- swipe card payment, payment by card has a separate payment interface, do not call the unified order issuing API

Nonce_str== random string = = random string, not longer than 32 bits

Ps: friends may be surprised at the name nonce. People on Wechat and team are always funny. I checked the encyclopedia, and the random number is also represented by nonce. It hurts a lot in an instant. Curious babies can look up the meaning of nonce in the Cambridge dictionary. Under my unremitting efforts

Found this. Nonce = = number used once. A sudden realization of the rush.

Notify_url== notification address = = receive WeChat Pay asynchronous notification callback address. Notification url must be a directly accessible url and cannot carry parameters. Here, what name should I give? Go ahead, you won't need it for a while anyway.

Out_trade_no== merchant order number = = the order number within the merchant system, which can contain letters within 32 characters (even more confused every time I read the official explanation of Wechat, right? It doesn't matter. I'll just pass it on. )

The total amount of total_fee== the total amount of the order (in order to test the project of the company, you have to pay your own money, and a penny is also money. Ps: at this time, I always remember that a classmate said that fly legs are also meat.

Openid== user ID = = trade_type=JSAPI. This parameter is required. It is the unique identity of the user under the merchant appid.

And the most important one, the important role always comes out at the end.

Sign== signature = = official signature algorithm. Https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=4_3 . Do not understand, do not understand, you think you understand, it does not matter, do not encounter a few signature mistakes, have the nerve to say that they have done WeChat Pay development?

Speaking of this sign, there is a more important parameter. Parameters for participating signatures. Anyway, it took me a long time to find it. WeChat Pay, who applied for operation of the company, had this look on his face when I asked her for it.

Key==key setting path: Wechat Merchant platform (pay.weixin.qq.com)-> account Settings-> API Security-> key Settings

Here:

It's said on the Internet how to find it. I don't bother to look for it either. Think of a string directly, and then use MD5 to encrypt it into a 32-bit string and reset it.

This key value is used when generating sign signatures, so save it.

I think other people use a lot of sign, anyway, I just use the parameters given above to generate sign. (this refers to my blog, not Wechat. To reduce misunderstanding, post the parameters I used to generate the sign signature)

I generate parameters for sign signature

After the above parameters are prepared, they are encapsulated into XML

The format is as follows:

Wxb1427ebebexxxxxx XXX fee WEB 132186xxxx 6AED000AF86A084F9CB0264161E29DD3 https:// one domain name / api/wechatPay/jsapiPayNotify oo8WUt0taCqjt552htW1vw-xxxxx 1 various sorts + the sign 1 JSAPI generated by key

Call the unified order issuing address of Wechat: https://api.mch.weixin.qq.com/pay/unifiedorder

A moment to witness miracles. If all the above parameters are miraculously correct, you will receive the XML string returned by Wechat in the following format

That's what we need.

After prepay_id got the product, the first step is over. You can have a cup of tea, a popsicle and a little celebration. 2. H5 adjusts WeChat Pay's built-in JS

The parameters returned by the backend to the foreground should include the following:

AppId==, this is the same = = never change.

TimeStamp== timestamp = = Rule: https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=4_2. After reading it, he still looks confused. It doesn't matter. We have tools. Who knows? just call it.

NonceStr = anyway I am using the same random string as the signature just now. It doesn't matter if you don't need it in theory. Diligent friends can try it.

Package== order details extension string = = the prepay_id parameter value returned by the API for issuing an order, such as: prepay_id=*** (you guessed it). Just now we worked so hard that the prepay_id we got was used here. The first time I used it, I kept taking the order ID to request, and then Wechat gave me the message that the request parameter was wrong and the parameter $key0 $was missing. Don't tell me I'm the only one. )

SignType== signature method = = signature algorithm. MD5 is supported temporarily.

PaySign== signature = = this signature, to be regenerated, in the background. Use 4 parameters such as above + a key (never change). (the timestamp I generated the signature is the same as the timestamp I sent back to the receptionist is timeStamp. Whether it is different or not, there is no verification)

Generate the code for paySign

NB: appid is lowercase I when prepay_id is generated, and appId is uppercase I when paySign is generated

So far, if all goes well, you will see a page like this.

But if you don't see this. It's a hint that the directory is not authorized, or the test account is not on the whitelist. I think this is the right way to open this blog.

WeChat Pay, at the backend of the official Wechat account, has a payment authorization directory and a test authorization directory in the development configuration.

Payment authorization directory: when developing, put it aside for a while. When dealing with Sino-Japanese relations, Grandpa Deng Xiaoping once said that we should put aside the problems that we cannot solve. )

Test Authorization Directory: this is what we need to fill in. Ask for an address that can be accessed by the external network. Ip can also be used (it can be tested by oneself). If your ip cannot be accessed from the external network, find a classmate of operation and maintenance to solve it. It is recommended to configure a domain name accessible to the public network for testing.

Test whitelist: this does not explain

Enter the password, and then you will see this result. (it doesn't need us to do anything.)

I'm so excited. Hurry up to get something to eat and restrain the excitement in your heart.

The rest, we have two more things to do. Let's start with something simple.

3. Jump back to a page of your own system after successful payment

Function onBridgeReady () {WeixinJSBridge.invoke ('getBrandWCPayRequest', {"appId": appId, / / official account name, passed by the merchant to "timeStamp": timeStamp, / / timestamp Number of seconds since 1970 "nonceStr": nonceStr, / / Random string "package": Package, "signType": signType, / / Wechat signature method: "paySign": paySign / / Wechat signature} Function (res) {if (res.err_msg = = "get_brand_wcpay_request:ok") {_ window.location.replace ("index.html") });}

The red part of the above code can be changed to the page you want to go to. Are you curious about what replace is. Move over here and take a look: http://www.php.cn/

4, the last part. Fighting

This section has the following three small steps

1) parse the stream information and verify the correctness of the information contained in the stream by re-signing. Is to judge whether this message was sent by Wechat or not.

2) if both return_code and result_code are SUCCESS, handle the business logic of the merchant. That is, the payment status of the order, ah, and other information.

3) tell Wechat that I received your return value. You don't have to send it anymore.

The explanation of the above three points. That's what Wechat officials say.

/ / after the payment is completed, Wechat will send the relevant payment and user information to the notification set by the merchant URL,// to verify the signature and respond to Wechat. / / when a pair of backend notifications interact with each other, if Wechat receives a response from a merchant that is not successful or timed out, Wechat believes that the notification failed. / / Wechat will regularly re-initiate the notification through certain strategies (for example, 8 times in 30 minutes), and / / improve the success rate of the notification as much as possible, but Wechat does not guarantee that the notification will be successful in the end. / / merchants add their own processing flow, / / for example: update order status / / for example: database operation / / for example: push payment completion information

Remember the notify_url when we generated the prepaid id (prepay_id) in the first step. If you don't remember, please turn it up. If only a random one had been written at that time, it would need to be changed.)

An accessible action. The same address needs to be accessible from the external network. Did not try to see if ip works. When developing this function, the operation and maintenance students have already configured the test domain name. I'm so happy that I finally don't have to worry about some interactive configuration anymore.

Unlike Alipay, Wechat returns stream. Unlike Alipay, Wechat returns stream. Unlike Alipay, Wechat returns stream. Important things are to be repeated for 3 times

After parsing, the format looks like this

one

Explain the first and third points above.

Complain again. Wechat really likes to use autographs. The whole process, sign three times. I am speechless.

1) We see that the xml returned by Wechat above contains many fields. Use the unexpected value of sign + key in the above xml to sign. You read it right. Contains result_code and return_code.

The official Wechat has an explanation for the signature.

Forgive me for not learning Chinese for a long time. I really don't understand this sentence. I re-sign it with the parameters passed in the Wechat callback function. Silly, still thinking, with the second signature is the parameter to sign, how to do the timestamp, whether to store in the database.

Compare the obtained signature with the sign in xml, and if the same, it is proved to be the notification returned by Wechat. If not, your notification address may have been cracked by hackers. Do you want to tell the boss? tell the boss, how can I solve it?

2) merchant logic processing, no explanation

3) tell Wechat that I have received your notice and do not need to send it again.

How to tell Wechat. I went through Wechat's documents, but I couldn't find a reply to Wechat notifying this url.

As people know, it once again refreshes the cognitive view. Use response.

That's what I wrote.

Response.getWriter () write (xml)

This xml is the stream converted string that Wechat gave you.

The return_code in xml is SUCCESS or FAIL.

Don't ask me how I know. It's in the official demo.

If ($notify- > checkSign () = = FALSE) {$notify- > setReturnParameter ("return_code", "FAIL"); / / return status code $notify- > setReturnParameter ("return_msg", "signature failed"); / / return message} else {$notify- > setReturnParameter ("return_code", "SUCCESS"); / / set the return code} $returnXml = $notify- > returnXml ()

According to this method, the returned data. After not receiving a notice from Wechat.

Before, in the test, after returning the string, I did not receive a notification from Wechat. I accidentally checked the log these two days and found that Wechat had been notified all the time, not necessarily eight times. Judging from the printed log,

Four times, six times. All of a sudden, I feel dizzy. If you have friends who understand, please give me some advice.

Thank you for reading this article carefully. I hope the article "sample Analysis of the Development of Wechat official account" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and follow the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.