tencent cloud

Mini Game Payment Signature and Verification
Download PDF
Last updated: 2025-04-22 18:11:24
Mini Game Payment Signature and Verification
Last updated: 2025-04-22 18:11:24
Download PDF

Payment request signature algorithm

The pay_sig parameter uses a signature algorithm that signs the payment request with the AppKey obtained from the superapp. This indicates that the request is initiated by the developer’s server-side payment module. The signature algorithm pseudocode is as follows:
paySig = to_hex(hmac_sha256(appKey,'requestMidasPaymentGameItem' + '&' + signData))
  import hmac
  import hashlib
  import urllib.parse

  # sign_data: The original payment string. Note that sign_data must be exactly the same as the parameters sent from the frontend, including spaces and line breaks. It is recommended to generate and send it from the backend.
  # appkey: The secret key
  # method: The signature method, which should be requestMidasPaymentGameItem
  def gen_pay_sig(sign_data, appkey, method):
      need_encode_body = method + '&' + sign_data
      print(need_encode_body)
      return hmac.new(key=appkey.encode('utf-8'), msg=need_encode_body.encode('utf-8'),
              digestmod=hashlib.sha256).hexdigest()

User session signature

Some server-side APIs require session_key for user authentication. To keep the session_key confidential, it is not transmitted in plaintext. Instead, the API uses a session signature for verification.
The signature is generated as follows: signature = hmac_sha256(session_key, rawData). Here, rawData refers to the parameters sent by the developer when calling the server-side API.

Payment subscription event signature algorithm

The pay_event_sig parameter uses a signature algorithm that signs the payment event request with the AppKey from the superapp, indicating the request is initiated by the developer’s server-side payment module. The signature algorithm pseudocode is as follows:
pay_event_sig = to_hex(hmac_sha256(app_key, event + '&' + payload))
You can refer to the following Python example for the implementation of calc_pay_event_sig:
● event is the type of event being pushed, e.g., minigame_coin_deliver_completed.
● app_key is the AppKey configured in the superapp.
● payload is the data being pushed, corresponding to the payload in the mini game structure. Refer to the specific push request parameter description.

#!/usr/bin/python
# -*- coding: utf-8 -*-
""" Example for calculating PayEventSig signature """
 
import hmac
import hashlib
 
 
def calc_pay_event_sig(event, payload, appkey):
    """ pay_event_sig signature algorithm
      Args:
          event - Event type, e.g., minigame_game_pay_goods_deliver_notify
          payload - Event payload, the payload in the notification message, e.g.,{"OpenId":"to_user_openid","OutTradeNo":"xxxxxxx","WeChatPayInfo":{"MchOrderNo":"xxxxxxx","TransactionId":"xxxxxxx"},"Env":0,"CoinInfo":{"ZoneId":"1","TotalPrice":100,"BuyQuantity":1,"OrigPrice":100}}
          app_key - AppKey configured in the superapp
      Returns:
          Payment request signature pay_event_sig
    """
    need_sign_msg = event + '&' + payload
    pay_sig = hmac.new(key=appkey.encode('utf-8'), msg=need_sign_msg.encode('utf-8'),
                       digestmod=hashlib.sha256).hexdigest()
    return pay_sig
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback