tencent cloud

Signature and Verification
Download PDF
Last updated: 2025-12-05 22:40:43
Signature and Verification
Last updated: 2025-12-05 22:40:43
Download PDF

Description of Signature Verification Algorithm for Virtual Payment Requests

The pay_sig parameter uses a signature algorithm that signs the payment request with the appkey obtained from the superapp. This indicates that the request is initiated by the developer’s server-side payment module. The signature algorithm pseudocode is as follows:
paySig = to_hex(hmac_sha256(appKey,method + '&' + signData))
  import hmac
  import hashlib
  import urllib.parse

  # sign_data: The original payment string. Note that sign_data must be exactly the same as the parameters sent from the frontend, including spaces and line breaks. It is recommended to generate and send it from the backend.
  # appKey
  # method
  def gen_pay_sig(sign_data, appkey, method):
      need_encode_body = method + '&' + sign_data
      print(need_encode_body)
      return hmac.new(key=appkey.encode('utf-8'), msg=need_encode_body.encode('utf-8'),
              digestmod=hashlib.sha256).hexdigest()

Virtual Payment Callback Signature

The signature algorithm for the pay_event_sig parameter, which uses the virtual payment key in the superapp to sign the paid request, represents that the request was initiated through the superapp platform. The signature algorithm pseudocode is as follows:
pay_event_sig = to_hex(hmac_sha256(app_key, event + '&' + payload))
You can refer to the following Python example for the implementation of calc_pay_event_sig:
● event is the type of event pushed
●app_key Virtual payment key configured for superapp.
● payload is the data being pushed, corresponding to the payload in the mini game structure. Refer to the specific push request parameter description.

#!/usr/bin/python
# -*- coding: utf-8 -*-
""" Example for calculating PayEventSig signature """
 
import hmac
import hashlib
 
 
def calc_pay_event_sig(event, payload, app_key):
    """ pay_event_sig signature algorithm
      Args:
          event - event type create order incoming event
          payload - Event payload, the payload in the notification message, e.g.,{"OpenId":"to_user_openid","OutTradeNo":"xxxxxxx","WeChatPayInfo":{"MchOrderNo":"xxxxxxx","TransactionId":"xxxxxxx"},"Env":0,"CoinInfo":{"ZoneId":"1","TotalPrice":100,"BuyQuantity":1,"OrigPrice":100}}
          app_key - AppKey configured in the superapp
      Returns:
          Payment request signature pay_event_sig
    """
    need_sign_msg = event + '&' + payload
    pay_sig = hmac.new(key=appkey.encode('utf-8'), msg=need_sign_msg.encode('utf-8'),
                       digestmod=hashlib.sha256).hexdigest()
    return pay_sig
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback