# Authentication Method

Calling the IEPay API requires no complicated authentication methods, just a signature for each request.

# How to sign

# Signature Instructions

When calling the API, a signature must be provided as authentication for each request.

IEPay's signature algorithm uses the MD5 (opens new window) signature algorithm. MD5 signatures require a private key.

The MD5 signature requires a private key, which is a 32-byte string of letters and numbers.

You need to log in to the Merchant Service Center (opens new window) to get the API Key as the private key required for MD5 signature.

The API Key is the merchant's identity in the IEPay system, so store it securely and make sure it is not disclosed.

# Algorithm

Therefore, IEPay's signature algorithm is.

sign = MD5(pre-signed string + API_KEY)

# Pre-signed strings

A pre-signed string is a string that consists of all parameters except the sign parameter rearranged in alphabetical order and concatenated with &.

TIP

  1. parameters without values must be included in the signature
  2. the character set in the signature must be the same as the one used previously
  3. if _input_charset is passed, it should also be signed. According to the HTTP protocol, special characters like &, @ require URL encoding so that the request recipient can get the correct value. In this case, the pre-signed string should be the original value, not the encoded string. For example, if an API call requires a signature for the parameter email, the pre-signed string should be an email address: test@msn.com, not an email=test%40msn.com.

# Example

If the JSON structure of a parameter is as follows

{
    "mid": "10224",
    "pay_type": "IE0014",
    "refund_amount": "1",
    "out_trade_no": "20180402112304123210122312",
    "reference": "reference memo".
}

Then rearrange the data alphabetically, and join the rearranged arguments together with & to obtain a pre-signed string of

mid=10224&out_trade_no=20180402112304123210122312&pay_type=IE0014&reference=refund memo&refund_amount=1

Suppose our API KEY is

e560fb2e61e4d1fe6a11c278388cb965

The calculated pseudo-code of our sign is

sign = md5(mid=10224&out_trade_no=20180402112304123210122312&pay_type=IE0014&reference=refund memo&refund_amount=1e560fb2e61e4d1fe6a11c278388cb965)

The results are

f45a1a2db58b43b48d51ab2fc18e0914

f45a1a2db58b43b48d51ab2fc18e0914 This is our signature. Just bring it into the corresponding API.