For Security Purpose, Binance will add signature for webhook notification. Partner need to verify the signature using the public key issued from Binance Pay.
The following specifies the rules for calling the Webhook Notification from Binance payment.
|Transfer Mode||Use HTTPS for secure transactions.|
|Submit Mode||POST/GET, depends on the API.|
|Data Format||Data submitted and response are both in application/json format.|
|Char Encoding||Use UTF-8 character encoding.|
|Signature Requirement||Signature-checking is required for requesting and receiving data.|
|Logic Judgment||Determine protocol field, service field and transaction status.|
|cert||long||Y||-||MD5 hash value of public key|
|nonce||string||Y||must be 32 digits||A random string with 32 bytes, e.g. random ascii decimal within a-z and A-Z and loop 32 times to form a random string|
|timestamp||string||Y||-||time stamp in millis|
|signature||string||Y||-||signature, verify signature generation|
- ‘\n’ is LF, ASCII value is '0x0A'
- Parameter names are case-sensitive;
- When checking returned data or a push notification signature, the transferred sign parameter is excluded in this signature as it is compared with the created signature.