WasabiCard
English
English
  • Welcome
  • Getting Started
    • Update Log
    • Quick Start
  • Basic
    • Common API
    • Account API
    • Bank Card
      • Card Management
      • Cardholder Management
    • Notification Subscription
Powered by GitBook
On this page
  • Endpoint
  • Glossary
  • Authentication
  • Signature
  • demo
  • Request Template
  • Response Template
  • Response Code
  1. Getting Started

Quick Start

Endpoint

https://sandbox-api-merchant.wasabicard.com

You need to contact the open platform staff to add the merchant server's IP whitelist.

Glossary

  1. api-key: unique identifier of the merchant.

  2. merchant-public-key: merchant RSA public key.

  3. merchant-private-key: merchant RSA private key.

  4. wsb-public-key: open platform RSA public key.

The above parameters can be obtained and updated in the merchant backend.

Authentication

Use api-key to authenticate the request. Merchants need to put X-WSB-API-KEY in the request header every time they make a request.

Signature

To ensure the security of API calls, each request and response needs to be verified for message integrity through signature.

Merchant requests API are signed with merchant RSA private key and verified with merchant RSA public key;

Merchant requests responses are signed with platform RSA private key and verified with platform RSA public key;

Notification subscriptions are signed with platform RSA private key and verified with platform RSA public key.

The signing rules are as follows:

  1. The merchant sends a request to the development platform, signs it with the merchant's RSA private key, and the open platform verifies the signature with the merchant's RSA public key;

  2. The open platform interface responds and sends notifications to the merchant, signs it with the platform's RSA private key, and the merchant verifies the signature with the platform's RSA public key;

  3. Signing is to encrypt the HTTP request body, and all requests are called using the POST method;

  4. Use sha256 RSA to sign it and then use base64 as the signature string;

  5. Put the encrypted signature string signature in the HTTP header X-WSB-SIGNATURE field.

If the interface does not require request parameters, please construct an empty JSON object for body for transmission and signing.

demo

Contains code information such as mobile area code, region, etc.; and java-demo

Request Template

POST ${uri}

Headers

Name
Value

Content-Type

application/json

X-WSB-API-KEY

${api-key}

X-WSB-SIGNATURE

${signature}

Response Template

Headers

Name
Value

Content-Type

application/json

X-WSB-SIGNATURE

${signature}

Response

{
    "success": true, //当code=200时为true
    "code": 200,
    "msg": "Success",
    "data": null
}

Response Code

code
含义

200

Success

500

Internal service error. Please contact WasabiCard staff

-1

Business error code. This is a normal situation, for example, the user purchases more cards than the limit.

40002

Param error

40020

Duplicate order number

40021

Insufficient balance

50001

The api key and signature parameters are empty

50002

Signature verification failed

50003

Signature failed

50004

Merchant does not exist

PreviousUpdate LogNextCommon API

Last updated 1 month ago

13MB
demo.zip
archive