Authentication

The Metaprise API uses API keys to authenticate requests.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Data Method

APIs that adhere to the REST architectural constraints are called RESTful APIs, or simply REST APIs. The Metaprise HTTP-based REST APIs are defined with the following aspects:

Standard HTTP methods

MethodDescription
GETRequest details from the Metaprise platform, such as retrieving payment details.
POSTSend details to the Metaprise platform, such as creating a payment.

Digital Signature

In order to ensure the authenticity and integrity of a message, software, or digital document, a digital signature is required. It’s the equivalent of a handwritten signature or stamped seal, but it offers far more inherent security.

Digital signatures work through public key cryptography’s two mutually authenticating cryptographic keys. The individual who creates the digital signature uses a private key to encrypt signature-related data, while the only way to decrypt that data is with the signer’s public key (TechTarget).

Step 1, Signature combination

Whether it’s a request or a response, or it’s using GET or POST, the signature query string is assembled into a string as follows:

  • Except for the sign field, all parameters are sorted by ASCII code from smallest to most significant using QueryString format (i.e. key1=value1&key2=value2…). The null value is not passed and does not participate in the signature group string
  • All parameters refer to all non-null parameters that actually appear in the communication process. Even if the fields are not defined in the API, they still need to participate in the signature query string. If the field test is not in the API, and the test has a value when the merchant requests it or Metaprise responds, this field must also participate in the signature query string.
  • In the query string, the field name and the field value are the original values, and the URL will not be encoded
  • The response or notification messages returned by Metaprise may have additional parameters due to the upgrade. Please allow this when validating the response signature

Step 2, Signature Algorithm

We support MD5 signature only at the current stage.

An MD5 signature is also called an MD5 path or hash. A MD5 hash is typically expressed as a 32-digit hexadecimal number (this is an example of MD5 hash : 703862f5d0ee949ef9fc97c4be2dc6f5). This hash represents a signature (or footprint) of the data (usually a file or a text).

MD5 signature calculation formula:

sign=MD5(query string&key=merchant key)

Example:

Signature string:
amount=100&bid=py_live_0I9fPdXQWhzZPurCVe8y2AHx¤cy=USD

Merchant key:
8db4a013a8b515349c307f1e448ce836

Signature Result:
sign=md5(amount=100&bid=py_live_0I9fPdXQWhzZPurCVe8y2AHx¤cy=USD&key=8db4a013a8b515349c307f1e448ce836)= 83CF60EAC2011E1D9A5C440C3C7E62C4