| Field Name | Description | Required | Notes |
|---|---|---|---|
| Api-Key | apiKey (merchant credential, bound to IP whitelist) | Yes* | Required for all except Get Token; Get Token only needs this field |
| Timestamp | Unix timestamp in milliseconds | Yes* | Deviation from server time must be within 60 seconds, and future timestamps are not accepted |
| Access-Token | Login token | Yes* | Required for all except Get Token; returns 1005 when future timestamp is rejected |
| Signature | Signature value | No | Used for platform → merchant callbacks |
| Sign-Version | Signature algorithm version | No | Defaults to V1 (used in callbacks) |
| Timezone | Timezone | No | Defaults to UTC+8, affects list query time boundaries |
| Language | Response msg language | No | e.g. zh_CN / en_US; affects multilingual error messages |
| Content-Type | Request content type | Yes | Fixed value: application/json |
Usage Notes
Authentication Modes
- Get Token: Only requires
Api-Key+Timestamp; noAccess-Tokenneeded. - Other interfaces: All require
Api-Key+Timestamp+Access-Token.
Timestamp Validation
Timestampmust be a Unix millisecond timestamp (13 digits).- Deviation from server time must be within 60 seconds, otherwise 1005 (timestamp invalid or expired) is returned.
- Future timestamps are not accepted; excessive deviation returns 1005.
IP Whitelist
- The requesting IP must be in the IP whitelist associated with the
Api-Key. - Non-whitelisted IPs return 1003 (IP address not allowed).
Timezone and List Queries
- List interfaces with
start_time/end_timeshould include theTimezoneheader (defaults to UTC+8). - This affects day boundary calculation; use
Language: zh_CNoren_USto control the language of error messages.
curl Examples
Basic example (Get Token):Domain Replacement
Replacehttps://api.example.com in the curl examples below with the actual API domain:
- Sandbox environment:
https://sandbox-openplatform.keysecure.io - Production environment:
https://openplatform.keysecure.io(contact your account manager to obtain)
Error Codes
| Code | Chinese Description | English Description |
|---|---|---|
| 1002 | Api-Key 不能为空 | Api-Key is required |
| 1003 | IP 地址不正确 | IP address not allowed |
| 1005 | 时间戳已失效 | Timestamp invalid or expired |
| 1006 | Access-Token 不能为空 | Access-Token is required |
| 1007 | Access-Token 已失效 | Access-Token invalid or expired |
