什么是 callback_url, redirect_url

redirect_url

如果您填了这个选项,那么用户在支付完成后会显示一个"返回商家页面"的按钮,该按钮会链接到redirect_url。有了这个选项以后可以使整个支付流程更加的连贯。

callback_url

这个选项是为了有需要通过程序自动化监控您的订单的需求而设定的。如果您没有这样的需求,那么可以不用了解。

为了方便您和您自己的系统进行整合以及便于管理,我们提供了这个选项,当一个订单完成时,我们的后台会访问您提供的这个url。

系统访问这个url会有重试机制,为了让系统知道请求确实成功了,您在程序上应该原样返回一个参数,这个参数名是 _request_check_

我们采用了签名的方式(sha1)来让程序确认请求确实来自币付宝而并非其他的用户。

币付宝的公钥为

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUSnx8dqJ0UC0jvFTEdL
gde7BSmKi8GzDnxvu/AMQw7TG3pRKAAKQJRYUSqpgMyOwUSrv3yfu3gBJwufjWJz
Kgtm8D9TOoYnZMJm4x5Lv9/EpYEg0zrAsmU/6rZJ9mYRaNPrt811Thju0/19fa77
XnsQ78UmvV4zCePkKAArO70SsU/hf1SinDX//t0a3/UOk0DhKoJZpzjb5mb+dcXM
GOJKpAONDGDK2UE1W67HmIG72b/R/G8CAFYbw4MGCjb0/Ee6obcAGK3Cj1JcuHjH
NzymBH0NuDvyz7fJuTg9Eplnh1blNeCJoG/vv7VLZNKetTMTx+H2X534RUQ4XheX
4QIDAQAB
-----END PUBLIC KEY-----

系统给您的程序提交的http请求里面包含了这个订单的信息,参数的列表参考示例程序。

php示例程序

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?php
/**
 * 币付宝回调示例程序
 * Bitfoo Callback Example
 * 
 * @author Panlilu
 * @copyright bifubao.com
 */


if (empty($_POST['_request_check_']) || empty($_POST['_signature_']) || 
    empty($_POST['_request_id_'])) {
  echo "invalid request_check or signature or request_id.";exit;
}

// bifubao rsa public, production

$bifubao_pubkey = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUSnx8dqJ0UC0jvFTEdL
gde7BSmKi8GzDnxvu/AMQw7TG3pRKAAKQJRYUSqpgMyOwUSrv3yfu3gBJwufjWJz
Kgtm8D9TOoYnZMJm4x5Lv9/EpYEg0zrAsmU/6rZJ9mYRaNPrt811Thju0/19fa77
XnsQ78UmvV4zCePkKAArO70SsU/hf1SinDX//t0a3/UOk0DhKoJZpzjb5mb+dcXM
GOJKpAONDGDK2UE1W67HmIG72b/R/G8CAFYbw4MGCjb0/Ee6obcAGK3Cj1JcuHjH
NzymBH0NuDvyz7fJuTg9Eplnh1blNeCJoG/vv7VLZNKetTMTx+H2X534RUQ4XheX
4QIDAQAB
-----END PUBLIC KEY-----";

$pubkey_id = openssl_pkey_get_public($bifubao_pubkey);

$signature_sha1 = base64_decode($_POST['_signature_sha1_']);
// verify
if (openssl_verify(bifubao_make_sign_data($_POST), $signature_sha1, 
                   $pubkey_id, OPENSSL_ALGO_SHA1) !== 1) {
  echo "openssl_verify failure(sha1)";exit;
}



$_order =  json_decode($_POST['content'],1);


/*
$order = array(
    // the order content
    'order_id'      => $_order['order_id'],
    'order_hash_id' => $_order['order_hash_id'],
    'external_order_id' => $_order['external_order_id'],
    'handle_status'     => $_order['handle_status'], 
    'external_info'     => $_order['external_info'],
    'display_name'      => $_order['display_name'],
    'display_desc'      => $_order['display_desc'],
    'pay_user_id'       => $_order['pay_user_id'],
    'quantity'          => $_order['quantity'],
    'discount'          => $_order['discount'],
    'price_btc'         => $_order['price_btc'],
    'price_cny'         => $_order['price_cny'],
    'pay_btc'           => $_order['pay_btc'],  // unit: satoshi
    'ratio_btc2cny'     => $_order['ratio_btc2cny'],
    'onchain_receive_btc_address' => $_order['onchain_receive_btc_address'],
    'onchain_leave_message'       => $_order['onchain_leave_message'],
    'offchain_leave_message'      => $_order['offchain_leave_message'],
    'order_receipt_id'            => $_order['order_receipt_id'],
    'product_id'                  => $_order['product_id'],
    'creation_time'               => $_order['creation_time'],
    'last_modify_time'            => $_order['last_modify_time'],
);
*/

if ($_order['handle_status'] < 1000) {
  // todo : handle the order when bitcoin recieved is correct
  // 在这里完成当收到的比特币数量不正确时候的处理逻辑
  exit;
}

// todo: handle the order content
// 在这里实现支付完成时的逻辑


// return _request_check_
echo $_POST['_request_check_'];

exit;

// generate sign data string
function bifubao_make_sign_data($arr) {
	unset($arr['_signature_']);
	unset($arr['_signature_sha1_']);
	ksort($arr);
	$sign_str = '';
	if (!empty($arr)) {
		foreach ($arr as $_k => $_v) {
			$sign_str .= $_k . $_v;
		}
	}
	return $sign_str;
}


?>

How to use callback_url & redirect_url

redirect_url

If you fill the redirect_url option, then a button called "return to merchant's website" will display right after the payment is completed. The button will link to this redirect_url. The entire payment process will be more consistent with this option.

callback_url

Please ignore this section, if you don't have needs to process your orders automatically.

We offer this option, so that you can integrate the payment button to your own system. While an order is complete, our system will access your callback_url with a POST REQUEST.

Our system will retry 3 times until the request is successfully made, while you should return the parameter _request_check_.

We use a parameter signature (sha1 encrypted) to identify the POST which is from our system.

Our Public Key is:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUSnx8dqJ0UC0jvFTEdL
gde7BSmKi8GzDnxvu/AMQw7TG3pRKAAKQJRYUSqpgMyOwUSrv3yfu3gBJwufjWJz
Kgtm8D9TOoYnZMJm4x5Lv9/EpYEg0zrAsmU/6rZJ9mYRaNPrt811Thju0/19fa77
XnsQ78UmvV4zCePkKAArO70SsU/hf1SinDX//t0a3/UOk0DhKoJZpzjb5mb+dcXM
GOJKpAONDGDK2UE1W67HmIG72b/R/G8CAFYbw4MGCjb0/Ee6obcAGK3Cj1JcuHjH
NzymBH0NuDvyz7fJuTg9Eplnh1blNeCJoG/vv7VLZNKetTMTx+H2X534RUQ4XheX
4QIDAQAB
-----END PUBLIC KEY-----

The POST contains a list of the infomation related to the order, you can check out the parameters in the sample code.

php sample code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?php
/**
 * 币付宝回调示例程序
 * Bitfoo Callback Example
 * 
 * @author Panlilu
 * @copyright bifubao.com
 */


if (empty($_POST['_request_check_']) || empty($_POST['_signature_']) || 
    empty($_POST['_request_id_'])) {
  echo "invalid request_check or signature or request_id.";exit;
}

// bifubao rsa public, production

$bifubao_pubkey = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqUSnx8dqJ0UC0jvFTEdL
gde7BSmKi8GzDnxvu/AMQw7TG3pRKAAKQJRYUSqpgMyOwUSrv3yfu3gBJwufjWJz
Kgtm8D9TOoYnZMJm4x5Lv9/EpYEg0zrAsmU/6rZJ9mYRaNPrt811Thju0/19fa77
XnsQ78UmvV4zCePkKAArO70SsU/hf1SinDX//t0a3/UOk0DhKoJZpzjb5mb+dcXM
GOJKpAONDGDK2UE1W67HmIG72b/R/G8CAFYbw4MGCjb0/Ee6obcAGK3Cj1JcuHjH
NzymBH0NuDvyz7fJuTg9Eplnh1blNeCJoG/vv7VLZNKetTMTx+H2X534RUQ4XheX
4QIDAQAB
-----END PUBLIC KEY-----";

$pubkey_id = openssl_pkey_get_public($bifubao_pubkey);

$signature_sha1 = base64_decode($_POST['_signature_sha1_']);
// verify
if (openssl_verify(bifubao_make_sign_data($_POST), $signature_sha1, 
                   $pubkey_id, OPENSSL_ALGO_SHA1) !== 1) {
  echo "openssl_verify failure(sha1)";exit;
}



$_order =  json_decode($_POST['content'],1);


/*
$order = array(
    // the order content
    'order_id'      => $_order['order_id'],
    'order_hash_id' => $_order['order_hash_id'],
    'external_order_id' => $_order['external_order_id'],
    'handle_status'     => $_order['handle_status'], 
    'external_info'     => $_order['external_info'],
    'display_name'      => $_order['display_name'],
    'display_desc'      => $_order['display_desc'],
    'pay_user_id'       => $_order['pay_user_id'],
    'quantity'          => $_order['quantity'],
    'discount'          => $_order['discount'],
    'price_btc'         => $_order['price_btc'],
    'price_cny'         => $_order['price_cny'],
    'pay_btc'           => $_order['pay_btc'],  // unit: satoshi
    'ratio_btc2cny'     => $_order['ratio_btc2cny'],
    'onchain_receive_btc_address' => $_order['onchain_receive_btc_address'],
    'onchain_leave_message'       => $_order['onchain_leave_message'],
    'offchain_leave_message'      => $_order['offchain_leave_message'],
    'order_receipt_id'            => $_order['order_receipt_id'],
    'product_id'                  => $_order['product_id'],
    'creation_time'               => $_order['creation_time'],
    'last_modify_time'            => $_order['last_modify_time'],
);
*/

if ($_order['handle_status'] < 1000) {
  // todo : handle the order when bitcoin recieved is correct
  // 在这里完成当收到的比特币数量不正确时候的处理逻辑
  exit;
}

// todo: handle the order content
// 在这里实现支付完成时的逻辑


// return _request_check_
echo $_POST['_request_check_'];

exit;

// generate sign data string
function bifubao_make_sign_data($arr) {
	unset($arr['_signature_']);
	unset($arr['_signature_sha1_']);
	ksort($arr);
	$sign_str = '';
	if (!empty($arr)) {
		foreach ($arr as $_k => $_v) {
			$sign_str .= $_k . $_v;
		}
	}
	return $sign_str;
}


?>