平台收付通商家充值-充值成功通知(JSON)
微信支付通过该接口将二级商户的充值结果通知给平台商户的系统。 充值结果通知
请求头(headers)
Wechatpay-Nonce: 3d980fb850fdce97f6bfb3d248597f16
Wechatpay-Serial: 7132d72a03e93cddf8c03bbd1f37eedf********
Wechatpay-Signature: i48r5y8IQw1qpTO+ywoV...
Wechatpay-Signature-Type: WECHATPAY2-SHA256-RSA2048
Wechatpay-Timestamp: 1710048759
Request-ID: 08F78BB5AF0610D302189F99DD5C20BA56F89845-0请求报文(body)
json
{
"id":"EV-2018022511223320873",
"create_time":"2015-05-20T13:29:35+08:00",
"resource_type":"encrypt-resource",
"event_type":"RECHARGE.SUCCESS",
"resource" : {
"algorithm":"AEAD_AES_256_GCM",
"ciphertext": "...",
"nonce": "...",
"associated_data": ""
}
}resource.ciphertext 解密后的明文格式
json
{
"sp_mchid": "1900001109",
"sub_mchid": "1900001121",
"out_recharge_no": "cz202407181234",
"recharge_id": "100000202405180012345678",
"recharge_scene": "ECOMMERCE_DEPOSIT",
"account_type": "DEPOSIT",
"recharge_channel": "QR_RECHARGE",
"recharge_amount": {
"amount": 500000,
"currency": "CNY"
},
"recharge_state": "SUCCESS",
"recharge_state_desc": "充值成功",
"accept_time": "2015-05-19T13:29:35+08:00",
"success_time": "2015-05-20T14:29:35+08:00",
"remark": "备注",
"qr_recharge_info":{
"openid": "owYiu0WOJdGCYxoHrPabGhI39uT4"
},
"bank_transfer_info": {
"bill_no": "111111",
"memo": "转账充值附言",
"bank_name": "中国银行",
"bank_card_tail": "0722"
}
}处理程序
js
const { Formatter, Rsa, Aes } = require('wechatpay-axios-plugin')
const {
'wechatpay-nonce': wechatpayNonce,
'wechatpay-serial': wechatpaySerial,
'wechatpay-signature': wechatpaySignature,
'wechatpay-timestamp': wechatpayTimestamp,
} = headers
let code = 'SUCCESS', message = undefined
if (Math.abs(Formatter.timestamp() - wechatpayTimestamp) > MAXIMUM_CLOCK_OFFSET) {
code = 'FAIL'
message = 'Over clock offset'
}
else
if (!Object.hasOwn(platformCertificates, wechatpaySerial)) {
code = 'FAIL'
message = 'platform certificate not exists'
}
else
if (!Rsa.verify(
Formatter.joinedByLineFeed(wechatpayTimestamp, wechatpayNonce, json),
wechatpaySignature,
platformCertificates[wechatpaySerial]
)) {
code = 'FAIL'
message = 'sign mismatched'
}
// do your business
// ...
// ...
const {
id,
create_time,
resource_type,
event_type,
resource: {
ciphertext,
nonce,
associated_data
},
} = JSON.parse(json)
const {
sp_mchid,
sub_mchid,
out_recharge_no,
recharge_id,
recharge_scene,
account_type,
recharge_channel,
recharge_amount,
recharge_state,
recharge_state_desc,
accept_time,
success_time,
remark,
qr_recharge_info,
bank_transfer_info,
} = JSON.parse(Aes.AesGcm.decrypt(nonce, apiv3Key, ciphertext, associated_data))
// do your business
// ...
// ...
const response = { code, message }正常应答头(headers)
Status: 200正常应答报文(body)
json
{
"code": "SUCCESS"
}注意:
- 同样的通知可能会多次发送给商户系统。商户系统必须能够正确处理重复的通知。 推荐的做法是,当商户系统收到通知进行处理时,先检查对应业务数据的状态,并判断该通知是否已经处理。如果未处理,则再进行处理;如果已处理,则直接返回结果成功。在对业务数据进行状态检查和处理之前,要采用数据锁进行并发控制,以避免函数重入造成的数据混乱。
- 特别提醒:商户系统对于开启结果通知的内容一定要做签名验证,并校验通知的信息是否与商户侧的信息一致,防止数据泄露导致出现“假通知”,造成资金损失。