API overview
WorldFirst(Alipay) offers a set of Application Programming Interfaces (APIs) that provides the ability for integration. You can use POST
method to send HTTPS requests and receive responses accordingly.
The following section introduces the message structure and message transmission workflow.
Versioning
WorldFirst(Alipay) APIs are backward compatible. Earlier clients are adaptable to newer API releases.
Environment
The domain name for the production environment is http://remit3.sit.dl.alipaydev.com
.
Message structure
Before you make any request, it is important to understand how WorldFirst(Alipay) API works and how requests and responses are structured. This section provides general information (such as message structure, message fields, and message transmission) of online messages between a partner and WorldFirst(Alipay).
Request structure
The following figure illustrates the request structure.
Figure 1. Request structure
The following curl example depicts the general structure of a message:
curl -X POST \
http://remit3.sit.dl.alipaydev.com/amsin/api/v1/payments/inquiryQuotes \
-H 'Content-Type: application/json; charset=UTF-8' \
-H 'Client-Id: 5J5Y307NSG5GB700810' \
-H 'Request-Time: 2019-04-04T12:08:56+05:30' \
-H 'Signature: algorithm=RSA256, keyVersion=2, signature=KEhXthj4bJ801Hqw8kaLvEKc0Rii8KsNUazw7kZgjxyGSPuOZ48058UVJUkkR21iD9JkHBGRrWiHPae8ZRPuBagh2H3qu7fxY5GxVDWayJUhUYkr9m%2FOW4UQVmXaQ9yn%2Fw2dCtzwAW0htPHYrKMyrTpMk%2BfDDmRflA%2FAMJhQ71yeyhufIA2PCJV8%2FCMOa46303A0WHhH0YPJ9%2FI0UeLVMWlJ1XcBo3JrbRFvcowQwt0lP1XkoPmSLGpBevDE8%2FQ9WnxjPNDfrHnKgV2fp0hpMKVXNM%2BrLHNyMv3MkHg9iTMOD%2FFYDAwSd%2B6%2FEOFo9UbdlKcmodJwjKlQoxZZIzmF8w%3D%3D' \
-d '{
"quoteBizScene": "REF_QUOTES"
}'
Request URL
The requested URL is:
https://{host}/amsin/api/v1/{restfulPath}
where,
host
is the standard domain name assigned by Platform.
restfulPath
is the path to the interface.
An interface can be uniquely identified by restfulPath
.
Request method
POST method is used to make an HTTP request.
Request header
The request header mainly contains the following fields.
Header field | Required | Code sample |
Signature | Yes | Signature: algorithm=RSA256, keyVersion=2, signature=**** |
Content-Type | Yes | Content-Type: application/json; charset=UTF-8 |
Client-Id | Yes | Client-Id: **** |
Request-Time | Yes | Request-Time: 2019-04-04T12:08:56+08:00 |
Table 1. Request header
For details of each header field, see the following descriptions.
Signature
A signature contains key-value pairs that are separated by a comma (,). Each key-value pair is an equation, which is a key joined with its value by an equal sign (=). A Signature is required for creating a request header.
The following keys can be configured:
algorithm
: Specifies the digital signature algorithm that is used to generate the signature. The value is not case-sensitive. RSA256 and ECC224 are supported, and RSA256 is used by default.keyVersion
: Specifies the key version that is used to generate or validate the signature. By default, the value is the latest version of the key associated withclient-Id
.signature
: Contains the signature value of the request.
Example:
signature: algorithm=RSA256, keyVersion=2, signature=KEhXthj4bJ801Hqw8kaLvEKc0Rii8KsNUazw7kZgjxyGSPuOZ48058UVJUkkR21iD9JkHBGRrWiHPae8ZRPuBagh2H3qu7fxY5GxVDWayJUhUYkr9m%2FOW4UQVmXaQ9yn%2Fw2dCtzwAW0htPHYrKMyrTpMk%2BfDDmRflA%2FAMJhQ71yeyhufIA2PCJV8%2FCMOa46303A0WHhH0YPJ9%2FI0UeLVMWlJ1XcBo3JrbRFvcowQwt0lP1XkoPmSLGpBevDE8%2FQ9WnxjPNDfrHnKgV2fp0hpMKVXNM%2BrLHNyMv3MkHg9iTMOD%2FFYDAwSd%2B6%2FEOFo9UbdlKcmodJwjKlQoxZZIzmF8w%3D%3D
Content-Type
content-Type
indicates the media type of the body of the request, as defined by RFC2616. In which, charset
is used for generating/validating the signature and encrypting/decrypting content.
Example:
content-type: application/json; charset=UTF-8
Client-Id
Required. client-Id
is used to identify a client and is associated with the keys that are used for signature and encryption.
Request-Time
Required. request-Time
specifies the time when the request is sent, as defined by ISO 8601.
Example:
Request-Time: 2019-04-04T12:08:56+08:00
Request body
The request body contains the detailed request information in JSON format. Fields enclosed in the request body section vary depending on services. For more information, see the instructions of the specific message interface.
Response structure
The following figures illustrate the response structure:
Figure 2. Response structure
Response header
The response header carries the information about the response, mainly containing the following fields.
Note: Field names are case-insensitive.
Header field | Required | Code sample |
Signature | Yes | Signature: algorithm=RSA256, keyVersion=2, signature=**** |
Content-Type | Yes | Content-Type: application/json; charset=UTF-8 |
Client-Id | Yes | Client-Id: **** |
Response-Time | Yes | Response-Time: 2019-04-04T12:08:56+08:00 |
Table 2. Response header
For details of each header field, see the following descriptions.
Signature
Signature contains key-value pairs that are separated by comma (,). Each key-value pair is an equation, which is a key joined with its value by an equal sign (=). Signature is required to create a response header.
The following keys can be configured:
algorithm
: Specifies the digital signature algorithm that is used to generate the signature. The value is not case-sensitive. RSA256 and ECC224 are supported, and RSA256 is used by default.keyVersion
: Specifies the key version that is used to generate or validate the signature. By default, the value is the latest version of the key associated withclient-id
.signature
: Contains the signature value of the response.
Example:
signature: algorithm=RSA256, keyVersion=2, signature=KEhXthj4bJ801Hqw8kaLvEKc0Rii8KsNUazw7kZgjxyGSPuOZ48058UVJUkkR21iD9JkHBGRrWiHPae8ZRPuBagh2H3qu7fxY5GxVDWayJUhUYkr9m%2FOW4UQVmXaQ9yn%2Fw2dCtzwAW0htPHYrKMyrTpMk%2BfDDmRflA%2FAMJhQ71yeyhufIA2PCJV8%2FCMOa46303A0WHhH0YPJ9%2FI0UeLVMWlJ1XcBo3JrbRFvcowQwt0lP1XkoPmSLGpBevDE8%2FQ9WnxjPNDfrHnKgV2fp0hpMKVXNM%2BrLHNyMv3MkHg9iTMOD%2FFYDAwSd%2B6%2FEOFo9UbdlKcmodJwjKlQoxZZIzmF8w%3D%3D
Content-Type
Content-Type
indicates the media type of the response body, where charset
is used for generating and validating signatures. For more information about the Content-Type field, see RFC2616.
For example:
Content-Type: application/json; charset=UTF-8
Client-Id
Client-Id
is a unique ID assigned by WorldFirst(Alipay) to identify a Partner and is associated with the keys that are used for the signature.
Response-Time
Specifies the time when the response is returned, as defined in ISO 8601.
Example:
Response-Time: 2019-04-04T14:08:56+08:00
Response body
Response body contains the information responding to the client. Fields in this section vary depending on services. However, the result
parameter, which indicates the result of an API call, is always contained.
When the result status ( resultStatus
) is "Failed"(F
) or "Unknown" (U
), the result code ( resultCode
) indicates an error code, and the result message ( resultMessage
) indicates an error message, which is used for troubleshooting. For more information about how to resolve errors, see Error codes.
Field | Data type | Required | Description |
resultStatus | String | Yes | Result status. Valid values are:
|
resultCode | String | Yes | Result code.
|
resultMessage | String | No | Result message that describes the result code in detail.
|
Message transmission workflow
The following figure illustrates the message transmission workflow from Partner to WorldFirst(Alipay).
Figure 1. Message transmission workflow
Overall procedure
Follow the overall procedure to call an API.
Preparations
- Sign the request before sending.
- To prevent some potential errors that you might get in the response, consider the following factors:
- Properly encode the data.
- Enable API idempotence.
1. Construct a request
Construct a request by complying with the request structure, for example, by adding the Client-Id
, Request-Time
, Signature
, and other fields to the request header.
- To ensure message transmission security, message signing and signature validation are required for all requests and responses.
2. Send a request
You can send a request via Postman or cURL command in CLI.
3. Check the response
The response is returned usually in JSON or XML format. For details about the response, see the Response structure section.
After you receive the response, validate the signature of the response.
4. Check the status code
The response data may vary depending on the services. However, the result field, which indicates the result of an API call, is always contained. If an error occurs, an error response is returned, where the result object indicates the error code and error message for you to troubleshoot issues.