tencent cloud

Signature and Verification
Download PDF
Last updated:2026-01-16 19:30:02
Signature and Verification
Last updated: 2026-01-16 19:30:02
Download PDF

Virtual payment request signature algorithm

The pay_sig parameter uses a signature algorithm that signs the payment request with the AppKey obtained from the superapp. This indicates that the request is initiated by the developer’s server-side payment module. The signature algorithm pseudocode is as follows:
paySig = to_hex(hmac_sha256(appKey,method + '&' + signData))
  import hmac
  import hashlib
  import urllib.parse

  # sign_data: The original payment string. Note that sign_data must be exactly the same as the parameters sent from the frontend, including spaces and line breaks. It is recommended to generate and send it from the backend.
  # appKey
  # method
  def gen_pay_sig(sign_data, appkey, method):
      need_encode_body = method + '&' + sign_data
      print(need_encode_body)
      return hmac.new(key=appkey.encode('utf-8'), msg=need_encode_body.encode('utf-8'),
              digestmod=hashlib.sha256).hexdigest()

Virtual payment callback signature

The pay_event_sig parameter uses a signature algorithm that signs the payment event request with the virtual payment key from the superapp, indicating the request is initiated via the superapp backend service. The signature algorithm pseudocode is as follows:
pay_event_sig = to_hex(hmac_sha256(app_key, event + '&' + payload))
You can refer to the calc_pay_event_sig implementation in the following Python example, where:
●event is the type of the pushed event.
●app_key is the virtual payment key configured for the superapp.
●payload is the data for this push, corresponding to the payload within the minigame structure; refer to the specific push request parameter documentation for details.

#!/usr/bin/python
# -*- coding: utf-8 -*-
""" Example of PayEventSig signature calculation algorithm """
 
import hmac
import hashlib
 
 
def calc_pay_event_sig(event, payload, app_key):
    """ pay_event_sig signature algorithm
      Args:
          event - event type, e.g., pass event when creating an order
          payload - data corresponding to the event, such as the payload in the notification message,
                      e.g. {"OpenId":"to_user_openid","OutTradeNo":"xxxxxxx","WeChatPayInfo":{"MchOrderNo":"xxxxxxx","TransactionId":"xxxxxxx"},"Env":0,"CoinInfo":{"ZoneId":"1","TotalPrice":100,"BuyQuantity":1,"OrigPrice":100}}
          app_key - virtual payment key configured by superapp
      Returns:
          Payment request signature pay_event_sig
    """
    need_sign_msg = event + '&' + payload
    pay_sig = hmac.new(key=appkey.encode('utf-8'), msg=need_sign_msg.encode('utf-8'),
                       digestmod=hashlib.sha256).hexdigest()
    return pay_sig
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback