Jump to: navigation, search

Order payment notification

Order payment notification

Order payment flowchart

Payment-notice.jpg


1.Game client calls AnySDK Framework payment API (payForProduct), AnySDK Framework will request AnySDK server to generate an order number.
2.AnySDK Framework obtains the order number generated by the server.
3.AnySDK Framework calls SDK payment api to request payment from SDK server.
4.After payment is successful, payment SDK will return payment successful message to AnySDK Framework, and the AnySDK Framework will then carry out payment successful callback function to notify game client.
Note: When the SDK returns the successful callback, it only indicates that the transaction has been successfully submitted to SDK server, it does not mean that the order has been successfully paid. For some payment SDKs user only needs to enter payment selection screen, and the SDK will generate an order and return with a payment successful callback even if user cancels payment or payment fails. That is why the payment result only depends on whether game server has received SDK server payment callback information and not rely on local payment callback.

5.After SDK server completes payment, it will send order verification information and notify AnySDK server asynchronously.
Note: This step requires developers to configure the back-end payment callback address as the payment callback address dedicated to each channel provided by AnySDK (i.e. the screen where developer obtains SDK parameters). This address can be checked at the package tool parameters configuration screen.
6.AnySDK server will check the order information send by the SDK server and return with a correct response.
7.AnySDK will send the payment result information to the payment callback address provided by the game server. This address is on the package tool parameters configuration screen.
8、The game server will check the information send by AnySDK. It does not matter whether it checks a valid order of an item to be granted or an invalid order that needs to be discarded, as long as the game server completes this notification process, be sure to return with the correct response ok or OK, or else AnySDK will duplicate the notification and put pressure on the game server.
9.Game server verifies payment notification and provides item.

Notify game server

After payment, AnySDK payment notification service will inform developers the payment result by the payment notification address (callback address). After receiving and test the params, developer server will recharge the user account or distribute the props.

Coding instruction

UTF-8 code should be used during the transport process.

Parameter specification

Param Param type Specification
order_id string Order id, produced by AnySDK
product_count string Product quantity (the exact quantity cannot be provided now)
amount string Payment amount. Unit is yuan. Value can be floating points based on the requirement of different channels
pay_status string Payment status. 1 is success.
pay_time string Payment time. Form: YYYY-mm-dd HH:ii:ss
user_id string User id in custom system
order_type string Order type. See details in payment channel list
game_user_id string User id in the game. Role_Id params that are imported while paying.
server_id string Server id. Server_id params that are imported while paying.
product_name string Product name. Product name params that are imported while paying
product_id string Product id. Product id params that are imported while paying.
private_data string Private data, ext params that imported while calling client payment function, and will be passed to game server.
channel_number string Channel Number
sign string Sign. To check the sign, refer to signature algorithm.
source string Requested parameters when SDK server notifies AnySDK

Game server responses

The app should respond ok (character string, not json form) after receiving the notification to confirm the reception. If it responds other value or nothing, the notification is thought to be a failure and AnySDK payment notification server will try more times.

Signature algorithm

1. All non-empty parameters are listed in ascending alphabetical order, sign parameters are not included in signature.
2. Use numerical string method to put the listed parameters together in order.
3. Do an one-time md5 and convert to lower case, obtain encrypted string 1.
4. When following the encrypted string 1 up with private_key at the end, do an one-time md5 encryption and convert into lower case, the string obtained is the signature “sign” value.
3. When comparing obtained signature value with parameter “sign”, if they are the same then verification will be succesful.
Note: If values are included in signature, then parameters cannot be included in signature.

For example if received data is: a=3&c=1&b=2    string=321 【here is no + in actual string, + is only a connected string】

      	sign=md5(md5(string)+private_key)

php check example:

<?php
/**
 * payment notification check demo
 */

$data = $_POST;
/**
* Please note that with regard to $_POST data if the server does not automatically process urldecode, do an one-time urldecode (refer to rfc1738 standards). 
*/
/**
foreach ($data as $key => $value) {
        $data[$key] = urldecode($value);
}
**/

$privateKey = "abcdef123456xxxxxx";
if (checkSign($data, $privateKey)) {
        // @todo If verification is successful, the game server will process logic
        echo "ok";
} else {
        //@todo
        echo "failed";
}

/**
 * 
 * @param array $data receives all requested parameter arrays, can be obtained through $_POST. Please note that if server does not automatically analyze data, do an one-time urldecode( refer to rfc1738 standards)

 * @param array $privateKey AnySDK allocates game privateKey 
 * @return bool
 */
function checkSign($data, $privateKey) {
        if (empty($data) || !isset($data['sign']) || empty($privateKey)) {
                return false;
        }
        $sign = $data['sign'];
        $_sign = getSign($data, $privateKey);
        if ($_sign != $sign) {
                return false;
        }
        return true;
}

/**
 * Compute signature
 * @param array $data
 * @param string $privateKey
 * @return string
 */
function getSign($data, $privateKey) {
        //sign Does not participate in signature
        unset($data['sign']);
        //Array listed in key ascending order
        ksort($data);
        // The values in array is without any partition    
combined into a string
        $string = implode('', $data);
        //Create an one time md5 and convert to lower case, add the game’s privateKey at the end, finally create another md5 and convert to lower case
        return strtolower(md5(strtolower(md5($string)) . $privateKey));
}

?>

More demo checks

1.php
 Anysdk-pay-notice-php-demo.zip
2.java
 anysdk-pay-notice-java-demo1.zip   (Provided by Quanzhou Zhufeng software)
 anysdk-pay-notice-java-demo2.zip   (Provided by Beijing Zhidian Qiankun)


Online check

Online API check

1. First install Chrome’s extension POSTMAN or install Firefox plug-in HttpRequester (used to simulate API requests)
2. URL:inner.anysdk.com/tools/check/sign
3. Content Type: x-www-form-urlencoded
4. Select POST method
5. The param value of the parameter is the paratemer character string after callback address (meaning that after the question mark) of notification parameter under AnySDK Developer Management Backend => Payment Management => Payment Notification Details => Game Server Notification Details.
order_id=PB046014090318043151964&product_count=1&amount=1.00&pay_status=1&pay_time=2014-09-03+18%3A05%3A03&order_type=111&source=%7B%22
api_key%22%3A%22E0B55012B104419F93888B54DC759720%22%2C%22close_time%22%3A%2220140903180503%22%2C%22create_time%22%3A%2220140903180431%22%2C%22
deal_price%22%3A%221.00%22%2C%22out_order_no%22%3A%22PB046014090318043151964%22%2C%22pay_channel%22%3A%22100%22%2C%22submit_time%22%3A%2220140903180431%22%2C%22
user_id%22%3A%22null%22%2C%22sign%22%3A%22ORnEWGPq9DqO5KfuiO%2Bdr80zkqpMnqx8z3vVtBuHrzdb0a7B%2BHksqXei0cbo08haBao14KNbKV77mLUG2dkR2BY0fuKjJZc2Jyx3gy8eK8ZLgbI426DaXG7H%5C%2F73O
yzVTKy8z6UbXEeWO4X2xA2SKZQAvggFk1PFXdLGvoc3p1e8%3D%22%7D&user_id=520DCB93E481495E8293B9AA832F5182&game_user_id=7013957&server_id=1&product_name=100%E9%92%BB%E7%9F%B3&
product_id=1&private_data=100_6_7013957_1409738670&channel_number=000286&sign=d9f271be11266b4a441b8e8d1847a196
6. Private_key value is the private_key provided to a game by AnySDK
7.Example picture:

Chrome browser POSTMAN extensions uses:

800px

800px

Notification duplication

The server of content provider should be ready to receive multiple notification to prevent multiple additional payments.
At the same time developer should keep in mind that, an “ok” response indicates that the app has properly received the information. There is no need to continue sending a notification, it will not show whether the payment or process is successful or not.
With regard to duplicate notifications, the user may find that the order has been successfully processed. There is no need to continue processing, just go back with “ok” (lower case strings). Otherwise the AnySDK payment notification service will consider the notification to be unsuccessful and will continue sending notifications.
The notifications will be repeated at the following intervals: 2 min., 10 min., 10.min, 1 hour, 2 hours, 6 hours, 15 hours (a total of 7 times), and it will end until it receives a successful feedback or it has finished sending 7 times.