If the notifyurl parameter is passed, onlinepay will notify the address of the payment result
Overview#
This document describes the interface specification for the payment system to send refund notifications to merchants, including parameter descriptions, signature verification methods, and other detailed information.Content-Type: application/json; charset=UTF-8
Notification URL: Merchant configured refund notification URL
Success Indicator: Merchant returns string "SUCCESS"
Request Parameters#
Basic Parameters#
| Parameter | Type | Required | Description |
|---|
| state | String | Yes | Refund status: 0-Success, 1-Failed |
| tradeNo | String | Yes | Platform transaction number |
| merOrderNo | String | Yes | Merchant order number |
| refundNo | String | Yes | Refund order number |
| message | String | No | Refund result description |
| refundAmount | String | Yes | Refund amount |
| refundCurrency | String | Yes | Refund currency |
| sign | String | Yes | Signature value |
Parameter Example#
{
"state": "0",
"tradeNo": "T202309011234567890",
"merOrderNo": "MER20230901001",
"refundNo": "R202309011234567890",
"message": "Refund successful",
"refundAmount": "100.00",
"refundCurrency": "USD",
"sign": "abc123def456..."
}
Signature Verification#
The system supports two signature methods: MD5 signature and RSA signature.MD5 Signature Verification#
Signature Generation Steps#
1.
Parameter Sorting: Sort all parameters (except sign) in alphabetical order by parameter name
2.
Value Concatenation: Concatenate parameter values in sorted order (ignore empty values)
3.
Add Key: Append the merchant's MD5 key to the end of the concatenated string
4.
Generate Signature: Perform MD5 encryption on the final string to get the signature value
Signature Example#
Assuming the following parameters:state = "0"
tradeNo = "T202309011234567890"
merOrderNo = "MER20230901001"
refundNo = "R202309011234567890"
message = "Refund successful"
refundAmount = "100.00"
refundCurrency = "USD"
md5Key = "your_md5_key"
MER20230901001Refund successful100.00USDR2023090112345678900T202309011234567890your_md5_key
RSA Signature Verification#
Signature Generation Steps#
1.
Parameter Sorting: Sort all parameters (except sign) in alphabetical order by parameter name
2.
Formatting: Concatenate parameters in key1=value1&key2=value2 format
3.
RSA Signing: Sign the concatenated string using SHA256WithRSA algorithm and private key
4.
Encoding: Base64 encode the signature result
Signature Example#
Using the same parameters, the RSA signature string format would be:merOrderNo=MER20230901001&message=Refund successful&refundAmount=100.00&refundCurrency=USD&refundNo=R202309011234567890&state=0&tradeNo=T202309011234567890
Response Requirements#
After receiving the refund notification, the merchant needs to return the string "SUCCESS" to indicate successful receipt.Success Response Example#
Security Recommendations#
1.
Verify Signature: Always verify the signature of each notification to ensure the authenticity of the notification source
2.
Idempotent Processing: Due to the retry mechanism, merchants should implement idempotent processing to avoid duplicate processing of the same refund notification
3.
HTTPS: It is recommended to use HTTPS protocol to receive notifications to ensure data transmission security
4.
IP Whitelist: Configure IP whitelist to allow only specific IPs to send notifications
