Data encryption

In order to ensure data security during transmission and prevent data leakage, sensitive data, such as card accounts and cardholders' names, need to be encrypted.

  • AES encryption algorithm
  • Merchants need to generate their own merchant secret key and keep it in a secure way
  • AES encryption method: AesUtil.AESEncode(metadata, secret key)
  • In case there are Chinese parameters, please encode with URLEncoder: URLEncoder.encode(param)


Mutual authentication is implemented. For requests, the caller needs to compute a digital signature and add the signature as part of the HTTP body. Conversely, for responses, Alchemy Pay provides its signature in the HTTP body in the response. The request signature is generated as follows:

1Sort all parameters in ascending order according to parameter namesParameter list: abc=value1 bcd=value2 bad=value3
Sort result: abc=value1 bad=value3 bcd=value2
2Connect all parameters with '&'abc=value1&bad=value3&bcd=value2
3The client uses RSA private key to sign, and the server uses RSA public key to verify the signatureRsaUtil.sign(signature string, private key)
4After receiving the request, the server decrypts the data first and then goes through the signature verification procedure on the decrypted data with RSA public key. If both decryption and signature verification are successful, the request is considered legitimate.