English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
1.What is third-party payment
So-called third-party payment refers to the transaction support platform provided by some third-party independent institutions that have signed agreements with major banks and have certain strength and credit guarantee. In the transactions through the third-party payment platform, after the buyer selects the goods, the buyer uses the account provided by the third-party platform to make the payment, and the third party notifies the seller that the payment has reached.
Currently, there are many institutions providing third-party payment services, common ones include Alipay, Tenpay, Quick Money, Bank Online, YeePay, Yunwang, and other major payment platforms. If a website needs to implement third-party payment, it should first apply for an account and sign an agreement with the third-party payment platform. After the agreement takes effect, the third-party payment platform will open online payment services for it, and integrate the interface into the website through programming.
Why use third-party payment? Because third-party payment platforms have already signed agreements with major banks, and website owners only need to apply for an account on this platform to support almost all types of bank card credit card transactions.
2.Principle of third-party payment
The above briefly describes the payment process, of course, some steps are omitted (such as shopping cart, order, etc.), and we focus on the payment process.
2.1The user initiates a request to confirm the order with the mall website
2.2The mall website receives the request and saves the order data to the database or other storage medium
2.3Return to the order confirmation page, where the order amount and other information should be displayed
2.4The user confirms the payment and initiates a payment request. Note: The payment request is sent to the payment gateway (such as Alipay, Bank Online) rather than sent to the mall website.
2.5Display the payment page
2.6The user fills in the authentication information (account password, etc.) and submits
2.7There are two steps here: one is to jump to the payment result page (displayed to the user) after the deduction is successful, and the other is the payment notification. These two steps do not have an order of priority and may be executed simultaneously. After the mall website receives the payment notification, it verifies the validity of the information according to the verification rules and makes corresponding change operations (for example: if valid, change the order to the paid status; if invalid, record illegal request information).
Taking Alipay as an example: if you want to integrate the Alipay interface into a website, you first need to have an Alipay account, then apply for online payment services from Alipay and sign the agreement. After the agreement takes effect, Alipay will provide the website with a partner ID and a security verification code. With these two things, you can develop the Alipay interface according to the Alipay interface document. Only the following steps in the figure above are required.4and}}7there are information exchanges between the mall and the payment gateway. In the steps4refers to sending data to the payment gateway (Alipay), in the steps7is the notification verification part, which verifies the gateway request to a certain address on the website, and the website verifies the information according to the verification rules, records and responds. We almost focus on the development of these two parts when developing any payment interface, understand the principle of payment interface development, and it's not difficult to develop a payment interface.
3. Alipay Interface Development
3.1Interface Introduction and Test
Alipay currently provides several interfaces such as guarantee trade, standard instant payment, dual-function, etc., which have some differences in functionality, but the website integration method is the same. Taking the standard instant payment interface as an example, after signing a contract with Alipay, several steps are needed to complete the integration.
Select 'I want to integrate myself' and click the link you will see next to download the technical documentation.
There are standard Alipay transaction service interfaces, merchant tools, interface integration guidelines, and other documents in the files downloaded after the download, as well as demos written in several languages. We can develop a new one according to the interface documentation or modify and integrate it into the website based on the demo. It should be noted that the development of payment interfaces can only be completed by accessing the public network (the server must be accessible via the internet) to complete the entire debugging process. If the server is not accessible via the internet, it will not be able to receive payment notifications.
Let's take a look at the role of each file in the demo:
It has been downloaded here (see the pay folder in the resource directory), and several files have been modified to facilitate debugging, and a data table has been added to save order information. Let's modify the configuration file to complete a test process.
alipay_config.php is the basic information configuration file. We need to write the PID and Key obtained from the Alipay background into the configuration file.
Configuration items:
The data in the box is what we need to focus on modifying. The difference between the payment notification address and the return address has been mentioned earlier, in the steps7There are two items: the payment result page and the payment notification information. The payment result page is the address to which the user will be automatically redirected after completing the payment, which is the return address ($return_url).
The payment notification address is the same as the URL that Alipay will request after the user completes the payment ($notify_url). However, the payment notification is requested directly by the Alipay server and will not be seen by the user. Both addresses must be in the full path format starting with http. To complete the test process, the following has been set up here:/pay/alipay/Modify the notify_url.php, set $notify_url to the URL that can access this file. After these configurations are done, according to the database script (pay/orders.sql) to create a data table and modify mysql_config.php according to the database configuration information. By making simple modifications to the Alipay provided demo, we can complete the creation of a payment request (steps)4Modified, here we changed the payment homepage and other pages (see the source code package pay directory). Let's test it first:
A record of 'Order Information' was added to the database.
If you click the 'Confirm Payment' button or the confirmation payment link, it will jump to the Alipay page. When you click the button, the information is submitted to the payment gateway through the form POST method. Since the payment request data does not need to be displayed to the user, it is all written in hidden fields. The confirmation payment link is transmitted through URL parameters because Alipay interface allows POST or GET submission, so both methods can be used. After submitting the parameters to the payment gateway, the page jumps to the payment page. As shown in the following figure:
We can see that Alipay provides us with two payment methods: one is to pay through the Alipay account, and the other is to pay through the bank card. For example, if you choose to pay by bank card, fill in the email or mobile number and jump to the following page:
Almost all bank card payments are supported by Alipay when we open an order, and there are also payment methods such as credit cards and branches. Choose the corresponding bank, click the next step according to the prompt, and pay. After the payment is completed, the page will return to the $return_url address configured in the configuration file, and the 'Order Status' will also change.
Note: If the test is not carried out on the external network (i.e., the payment notification address cannot be accessed on the external network), the payment notification cannot be requested, and the order status cannot be automatically modified.
3.2Alipay interface specification and code analysis
You can refer to the Alipay interface specification/pay/doc/Standard Alipay Transaction Service Interface (dedicated for anti-phishing websites).Pdf, which already has a detailed description.
3.2.1How to create a payment request
In the previous test, we clicked on 'Confirm Payment' and submitted the information to Alipay's payment gateway. We can think about what parameters should be sent to the payment gateway. For the list of request parameters, you can refer to the Standard Alipay Transaction Service Interface (dedicated for anti-phishing websites) in the Pdf.3.2.2.It should be noted that it is not enough to submit these parameters unchanged to Alipay; in order to ensure data security, Alipay currently uses MD5Signature to prevent data tampering mechanism.
Before submitting the data, the data to be submitted needs to be assembled into a string according to certain rules (see the interface document), added with a security check code (Key) to form a new string, and transmitted through MD5Generate one32The byte's signature, we also need to submit this signature when we submit the payment request. Let's take a look at the source code of the form
Alipay will verify the legitimacy of the request parameters after receiving the parameters, and after verification, the payment page will be displayed, otherwise, an error will be prompted.
3.2.2 How to verify the payment notification
After the user completes the payment, Alipay will request the website payment notification address (this address should be passed as a parameter when creating the payment request). See the standard Alipay trading service interface (used for anti-phishing websites) for the list of returned parameters. Pdf3.3.1Similarly, the return data of Alipay also has a signature string (using the same signature method as the payment request), and the first thing to do in the payment notification file is to verify the signature of the data. In addition to verifying the signature, it is also necessary to submit the notify_id in the parameters to the Alipay verification gateway and verify the authenticity of this notification. The Alipay system determines whether the notification is sent by itself, and returns true if it is returned in string format, otherwise false. We verify the authenticity of the request by verifying the server's returned data, and if all the verifications pass, we can perform operations such as changing order data and sending email notifications to users. You can check the source code in the notification file for information about verifying the signature. In the demo, the notify_id in the parameters is submitted to Alipay through POST method and the returned data is obtained. Code snippet:
The key point here is the fsockopen function, which we have encountered when sending emails. This function opens a socket connection, similar to the fopen function we learned before, which returns a file handle. After that, you can use file functions (fgets(), fgetss(), fputs(), fclose(), feof(), etc.) to operate on it. The code uses the fputs() (same as fwrite()) function to write data to simulate form submission in POST method, and finally, use the fgets() function to get the returned data and save it to an array, and then perform verification. Refer to the source code for details.
That's all for this article. I hope it will be helpful to everyone's learning and that everyone will support the Yelling Tutorial more.
Declaration: The content of this article is from the Internet, and the copyright belongs to the original author. The content is contributed and uploaded by Internet users spontaneously. This website does not own the copyright, has not been manually edited, and does not assume any relevant legal liability. If you find any content suspected of copyright infringement, please send an email to: notice#oldtoolbag.com (Please replace # with @ when sending an email to report abuse, and provide relevant evidence. Once verified, this site will immediately delete the infringing content.)