API Document

# How to Get an API Key

Operation Path

Log in to the Merchant Backend -> Go to the Developer Center -> Click on the API Key menu -> Edit -> Click on Create

# Configuration Instructions

  • Each API Key comes with an independent configuration page, where you can bind fixed IP addresses.
  • If the IP is set to 0.0.0.0, it means no IP restrictions, and any source IP can access the interface.
  • It is recommended to create different API Keys for different business scenarios/systems to achieve access control and flexible management.

# Important Notes

  • Access Key and Secret Key are your identity credentials. Please keep them safe and do not disclose them to third parties.
  • Secret Key is only displayed once during creation, so please make sure to save it immediately.
  • If you forget your Secret Key, please log in to the backend, revoke the current key pair, and apply for a new API Key.

# How to Create an API Key

  1. Choose whether to enable debug mode
    1. When enabled, if the interface call fails, the system will provide standardized error messages and log URLs to help with troubleshooting.
    2. Tips: To ensure production environment security, please turn off debug mode after testing to prevent sensitive information leakage.
  2. Select API Key permissions
    1. Choose the appropriate permissions based on your business needs (e.g., read-only, transaction, callback permissions, etc.).
  3. Enter the whitelist addresses
    1. You can specify the IP or domain whitelist that is allowed to access this API Key.
    2. Multiple addresses can be specified, separated by commas ,. Example: 192.168.1.1,10.0.0.1,www.example.com
    3. If you enter 0.0.0.0, it means no IP restriction, and any source can access (not recommended for production environments).
  4. Click to create the API Key
    1. After successful creation, the system will generate a pair of Access Key and Secret Key.
    2. ⚠️ Important: The Secret Key is only displayed once during creation. Please make sure to save it properly. If you forget the Secret Key, please go to the backend to revoke the current key pair and apply for a new one.

img

# Edit API Key

  • Click the Edit button to adjust the following:
    • Enable / Disable [Debug Mode]
    • Modify API Key permissions
    • Update whitelist addresses
  • After making the changes, click Save to apply the changes.

** Please note: It may take about 90 seconds for the API Key to take effect after creation or editing.** During this period, interface calls may still use the old configuration. Please wait patiently before making requests for verification.

img

# Using API Key

The current API Key needs to add the following parameters in the Header of the request:

Parameter Description Type Required
access_key API Key access key (e.g., TPhoa7ZQ) String Yes
timestamp Millisecond timestamp (13 digits, e.g., 1679669488472) String Yes
nonce UUID (36 characters, e.g., 02f7a04f-53cc-47d4-bb3f-fae69dab49ac), composed of 5 parts: 8-4-4-4-12 characters, separated by hyphens String Yes
sign Signature string (e.g., GXx2wYUD6UVr+zcmeCSFFPzcBLA=) String Yes

Signature Guidelines