Business Process

The WeChat official website is very detailed and has pictures. I'll say it again.

The user clicks a payment button-->{Backend push processing}-->The user sees an interface for entering a password, including the amount and other information-->After the user enters the password, a The page where the payment is successful (this part of the process is completed by WeChat itself, we don’t have to do anything) --> Return to the system’s own page (you can’t let the user keep looking at a page where the payment is completed. After spending money, it’s correct It hurts, jump quickly~ I regret it after a while, how to apply for a refund. The poor engineer still has to develop the refund function)

Development process

1) Obtain user authorization (this It doesn’t matter whether I do it or not, I haven’t done it yet anyway)

2) Call the unified ordering interface to get the prepayment ID

3) H5 calls up the built-in JS of WeChat payment

4) After the payment is completed, the processing of the WeChat callback URL

Looking at the long paragraph of text, are you very unhappy? I forgot where I saw this sentence. One picture instead thousands of words. (The red part in the picture is what we need to do. There doesn’t seem to be much

The main part of this article begins (If you want to see the code directly, You may not be able to understand the code after pasting it. It does not mean that the code is difficult, various separations, and various classes are not straightforward. If you understand it, you may not be able to debug the last signature error, or $get_brand_wcpay_request:fail.$. key0 I still have to be obedient about the parameters.) I’m a little confused about learning English recently. If you don’t understand the meaning, you can skip it. I’ll tell you about it later in the article. Joke.

1. Generate a unified ordering interface and obtain prepay_id.

Required parameters==Name==Where to find them:

WeChat official gave a parameter Detailed description of https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=9_1 Some parameters, if you still don’t know where to find them, please continue reading

appid ==Application ID==Log in to the WeChat official account backend - development - basic configuration

mch_id == WeChat payment merchant number == Log in to the WeChat payment backend and you will see

device_info ==Equipment number==Terminal device number (store number or cash register device ID), Note: Please enter "WEB"

#body==Product description==Product or payment order briefly when paying on PC web page or official account Description (I don’t know what the hell it is, it doesn’t matter, just pass a string casually, and pass an English string casually. You will get full marks for your wise decision at this time. If it is Chinese, you may encounter no clue The signature error is serious, and the person starts to doubt his life)

trade_type==Transaction type==The values ????are as follows: JSAPI, NATIVE, APP. The JSAPI we use here. As the title has said, it is WeChat public account payment.

ps: JSAPI--official account payment, NATIVE--native scan code payment, APP--app payment, the parameters for the unified order interface trade_type can be found here MICROPAY--payment by card, payment by card is available. Separate payment interface, does not call the unified ordering interface

nonce_str==random string==random string, no longer than 32 characters

ps: Friends may name the nonce , I am very surprised, are all the people on the WeChat team Doubi? I checked the encyclopedia and found that random numbers are also represented by nonce. (Curious babies can check the meaning of nonce in the Cambridge dictionary). With my unremitting efforts,

I discovered this. nonce ==number used once. Suddenly enlightened.

notify_url==Notification address==Receive the WeChat payment asynchronous notification callback address. The notification url must be a directly accessible url and cannot carry parameters. (Here, what’s a good name? Just name it casually, it won’t be used for a while anyway)

out_trade_no==Merchant order number==Order number within the merchant system, within 32 characters, can be Contains letters (Every time I read the official explanation on WeChat, I get more confused. Is there any? It doesn’t matter, I will just send 1.)

total_fee==Total amount==Total amount of order , the unit is cents (for the company's project testing, you have to pay for it yourself, and 1 cent is money. ps: At this time, I always think of a classmate who said that fly legs are also meat)

openid ==User ID==trade_type=JSAPI, this parameter must be passed, the user's unique ID under the merchant's appid.

The most important thing is that important characters always appear at the end.

sign==signature==official signature algorithm. https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=4_3. I don’t understand it, I don’t quite understand it. Do you think you understand it? It doesn’t matter. If you don’t encounter a few signature errors, do you have the nerve to say that you have done WeChat payment development?

said that this sign has a more important parameter. Parameters involved in the signature. Anyway, it took me a long time to find it. (The WeChat payment applied for by the company operation, when I asked her to ask for it, his expression looked like this.

key==key setting path: WeChat merchant platform (pay.weixin.qq.com)- ->Account Settings-->API Security-->Key Settings

Here:

There are instructions on how to find it online. I'm too lazy to look for it. I just thought of a string myself, then encrypted it into a 32-bit string using MD5, and reset it.

This key value is used when generating a sign signature, so it must be saved.

I see that others use a lot to generate signatures (sign). Anyway, I used the sign generated by the parameters given above. (This above refers to my blog, not WeChat. In order to reduce Misunderstanding, post the parameters I used to generate the sign signature)

The parameters I used to generate the sign signature

After preparing the above parameters, Encapsulated into XML

The format is as follows:

<?xml  version="1.0" encoding="UTF-8" standalone="yes"?><xml>
????<appid>wxb1427ebebexxxxxx</appid>
????XXX費(fèi)用
????<device_info>WEB</device_info>
????<mch_id>132186xxxx</mch_id>
????<nonce_str>6AED000AF86A084F9CB0264161E29DD3</nonce_str>
????<notify_url>https://一個(gè)域名/api/wechatPay/jsapiPayNotify</notify_url>
????<openid>oo8WUt0taCqjt552htW1vw-xxxxx</openid>
????<out_trade_no>1</out_trade_no>
????<sign>各種排序+key生成的那個(gè)sign</sign>
????<total_fee>1</total_fee>
????<trade_type>JSAPI</trade_type></xml>

Call the unified order address of WeChat: https://api.mch.weixin.qq.com/pay/unifiedorder

Witness a miraculous moment. If the above parameters are magically correct, you will receive the XML string returned by WeChat with the following format

<xml>
??<return_code></return_code>
??<return_msg></return_msg>
??<appid></appid>
??<mch_id></mch_id>
??<device_info></device_info>
??<nonce_str></nonce_str>
??<sign></sign>
??<result_code></result_code>
??<prepay_id></prepay_id>
??<trade_type></trade_type></xml>

What we need is this product

prepay_id

獲取到這貨之后，第一步驟已經(jīng)結(jié)束了，可以去喝個(gè)茶，吃個(gè)冰棍，小慶祝一下。

2、H5調(diào)起微信支付的內(nèi)置JS

The parameters returned from the background to the front desk should include the following items:

appId==This is unchanged==Never change

timeStamp==Timestamp==Rules: https://pay.weixin.qq.com/wiki/doc/api/jsapi.php?chapter=4_2. After reading it, I still look confused. It doesn’t matter, we have the tool class. Who knows, just call it directly

nonceStr == Anyway, I used the same random string as the signature just now. Theoretically, it shouldn't matter if you don't use it. Diligent friends can try

package==Order details extended string==prepay_id parameter value returned by the unified order interface, submission format such as: prepay_id=** *(You guessed it right. The prepay_id we got after so much effort was used here. When I used it for the first time, I kept using the order ID to request, and then the information WeChat gave me was that the request parameters were wrong and missing. Parameter $key0$. Don’t tell me, it’s just me.)

signType==Signature method==Signature algorithm, temporarily supports MD5

paySign==Signature==This signature is required. Regenerate, in the background. Use the above 4 parameters + a key (never change). (The timestamp when I generated the signature and the timestamp sent back to the front desk are the same timeStamp. Does it work if they are different? There is no verification)

Code to generate paySign

NB: When generating prepay_id, the appid is a lowercase i. When generating paySign, the appId is an uppercase I

So far, if everything goes well, you will see a page like this.

But if, you didn’t see this. Instead, it prompts that the directory is not authorized, or the test account is not in the whitelist. I think this is the correct way to open this blog.

WeChat public account background, WeChat payment, there is a payment authorization directory in the development configuration, test authorization directory,

Payment authorization directory: during development, put it first. (Grandpa Deng Xiaoping once said when dealing with Sino-Japanese relations, we should put aside problems that we cannot solve.)

Test authorization directory: This is what we need to fill in. You need an address that can be accessed from the outside world. IP can also be used (it can be tested personally). If your IP cannot be accessed from the external network, ask an operation and maintenance classmate to solve it. It is recommended to configure a domain name accessible from the external network for testing.

Test whitelist: This does not explain

Enter the password, and then you will see the result like this. (This doesn’t require us to do anything)

I’m so excited, go get something to eat quickly and suppress your inner excitement.

Remaining, we still have two things to do. Let’s talk about the simple ones first.

3. After the payment is successful, jump back to a certain page in your system

function?onBridgeReady(){
???WeixinJSBridge.invoke
???(???????'getBrandWCPayRequest',?
???{???????????"appId"?:?appId,???????
???//公眾號(hào)名稱，由商戶傳入
???????????"timeStamp":timeStamp,?//時(shí)間戳，自1970年以來的秒數(shù)?????
???????????"nonceStr"?:?nonceStr,?//隨機(jī)串?????
???????????"package"?:?Package,?????
???????????"signType"?:signType,??//微信簽名方式：?????
???????????"paySign"?:?paySign?????//微信簽名?
???????},???????function(res){?
???????????if(res.err_msg?==?"get_brand_wcpay_request:ok"?)?{
???????????????window.location.replace("index.html");
???????????}
???????}
???);?
}

In the above code, the red part can be modified to the page you want to go to. Are you curious about what replacement is? Move here and take a look: http://www.miracleart.cn/

4, the last part. fighting

This part has the following 3 small steps

　　1) Parse the passed flow information and verify the correctness of the information contained in the flow by re-signing. It is to determine whether this information is sent by WeChat

　　2) If return_code and result_code are both SUCCESS, handle the merchant's own business logic. It’s just the payment status of the order and some other information.

　　　　3）告訴微信，我收到你的返回值了。不用在發(fā)了。

關(guān)于以上三點(diǎn)的解釋。微信官方是這么說的

//支付完成后，微信會(huì)把相關(guān)支付和用戶信息發(fā)送到商戶設(shè)定的通知URL，
//驗(yàn)證簽名，并回應(yīng)微信。
//對后臺(tái)通知交互時(shí)，如果微信收到商戶的應(yīng)答不是成功或超時(shí)，微信認(rèn)為通知失敗，
//微信會(huì)通過一定的策略（如30分鐘共8次）定期重新發(fā)起通知，
//盡可能提高通知的成功率，但微信不保證通知最終能成功。

//商戶自行增加處理流程,
//例如：更新訂單狀態(tài)
//例如：數(shù)據(jù)庫操作
//例如：推送支付完成信息

還記得我們在第一步生成預(yù)支付id(prepay_id時(shí)的那個(gè)notify_url嗎。如果不記得了，請往上翻。如果當(dāng)時(shí)只是隨便寫了一個(gè)，那么這會(huì)需要去改一改了。)

一個(gè)能訪問的到的action.同樣地址需要外網(wǎng)能訪問的到。沒有試ip好不好使。開發(fā)這部分功能的時(shí)候，運(yùn)維同學(xué)已經(jīng)配置了測試域名。好開心啊，終于不用在糾結(jié)于一些交互配置了。

和支付寶不同，微信返回的是流。和支付寶不同，微信返回的是流。和支付寶不同，微信返回的是流。重要的事情說三遍

解析之后，得到的格式是這樣子的

<xml><appid><![CDATA[wxb1427ebebeeaxxxx]]></appid>
<bank_type><![CDATA[CFT]]></bank_type>
<cash_fee><![CDATA[1]]></cash_fee>
<device_info><![CDATA[WEB]]></device_info>
<fee_type><![CDATA[CNY]]></fee_type>
<is_subscribe><![CDATA[Y]]></is_subscribe>
<mch_id><![CDATA[132186xxxx]]></mch_id>
<nonce_str><![CDATA[07FC15C9D169EE48573EDD749D25945D]]></nonce_str>
<openid><![CDATA[oo8WUt0taCqjt552htW1vw-xxxxx]]></openid>
<out_trade_no><![CDATA[你的訂單編號(hào)]]></out_trade_no>
<result_code><![CDATA[SUCCESS]]></result_code>
<return_code><![CDATA[SUCCESS]]></return_code>
<sign><![CDATA[E69940B3EDC437CB5A181210D523806E]]></sign>
<time_end><![CDATA[20160621134204]]></time_end>
<total_fee>1</total_fee>
<trade_type><![CDATA[JSAPI]]></trade_type>
<transaction_id><![CDATA[400386200120160621763973xxxx]]></transaction_id>
</xml>

對以上第一點(diǎn)和第三點(diǎn)做個(gè)解釋。

再次吐槽一下。微信真的很喜歡用簽名啊。整個(gè)過程，3遍簽名。也是醉了。

1）我們看到上述微信返回的xml中含有很多字段。使用上述xml中，處sign意外的值+key，進(jìn)行簽名。你沒有看錯(cuò)。包含result_code和return_code。

微信的官方對于簽名有解釋。

原諒我真的好久不學(xué)語文了。真的沒理解這句話，是用微信回調(diào)函數(shù)中傳的參數(shù)，進(jìn)行重新簽名。傻傻的，還在想，用第二次簽名是的參數(shù)進(jìn)行簽名，時(shí)間戳怎么辦，要不要存在數(shù)據(jù)庫里面。

將獲得的簽名與xml中的sign對比，如果相同，證明是微信返回的通知。如果不同，你的通知地址可能被黑客破解了。要不要告訴老板呢，告訴老板了，我怎么解決呢。

2）商戶邏輯處理，不解釋

3）告訴微信，我收到了你的通知，不需要在發(fā)送了。

怎么告訴微信呢。我翻遍了微信的文檔，也沒有找到回復(fù)微信通知這個(gè)url。

經(jīng)人知道，再一次的刷新了認(rèn)知觀。用response.

我是這么寫的

 response.getWriter().write(xml);

這個(gè)xml就是微信給你的那個(gè)流轉(zhuǎn)化的字符串。

xml中的return_code要是SUCCESS或者FAIL

別問我怎么知道的。官方的demo里面寫的

if($notify->checkSign() == FALSE){
        $notify->setReturnParameter("return_code","FAIL");//返回狀態(tài)碼
        $notify->setReturnParameter("return_msg","簽名失敗");//返回信息
    }else{
        $notify->setReturnParameter("return_code","SUCCESS");//設(shè)置返回碼
    }
    $returnXml = $notify->returnXml();

按照這個(gè)寫法，返回的數(shù)據(jù)。在沒有收到微信的通知。

之前在測試的時(shí)候，返回字符串之后，在沒有收到微信的通知，這兩天偶然查日志，發(fā)現(xiàn)，微信在一直的，通知，不一定是8次。從打印的日志看

有4次，6次。突然，好暈啊。有明白的朋友，還請多多指教

--------------------------------------------------------------

微信公眾號(hào)支付--JSAPI的開發(fā)思路和一下參數(shù)的具體解釋，全部完成了。具體代碼。等我從公司項(xiàng)目里面抽出來。在整理。

還有一個(gè)坑：我們在第一步的時(shí)候，body傳的是英文，如果傳中文，直接能用的趕緊感謝一下上蒼，返回參數(shù)錯(cuò)誤的，應(yīng)該是正常吧。

我的對象和xml轉(zhuǎn)化是用的Java的JAXBContext。很好用的趕腳。趕腳比XMLStream好用。

更多The whole process of WeChat public account payment development相關(guān)文章請關(guān)注PHP中文網(wǎng)！