Webhook Common Rules
For security purposes, Binance adds a signature to each webhook notification. The partner needs to verify the signature using the public key issued by Binance Pay.

Protocol Rules

The following specifies the rules for calling the Webhook Notification from Binance payment.

Rule | Description |
---|---|
Transfer Mode | Use HTTPS for secure transactions. |
Submit Mode | POST/GET, depends on the API. |
Data Format | Data submitted and response are both in application/json format. |
Char Encoding | Use UTF-8 character encoding. |
Signature Algorithm | RSA, asymmetric cryptographic algorithm |
Signature Requirement | Signature-checking is required for requesting and receiving data. |
Logic Judgment | Determine protocol field, service field and transaction status. |

Request Header

Attributes | Type | Required | Limitation | Description |
---|---|---|---|---|
BinancePay-Certificate-SN | long | Y | - | MD5 hash value of public key |
BinancePay-Nonce | string | Y | must be 32 digits | A random 32-byte string, e.g. pick a random ASCII letter within a-z and A-Z, 32 times in a loop, to form the string |
BinancePay-Timestamp | string | Y | - | Unix timestamp in milliseconds |
BinancePay-Signature | string | Y | - | Signature generated by Binance Pay |

Verify the Signature

Build the payload

Note:
- '\n' is LF (ASCII value 0x0A)

Decode the Signature with Base64

Verify the content with public key

Note:
- The hash algorithm should be SHA256
Sample Java code is here, together with the org.bouncycastle toolkit.
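
The three steps above in Node.js, as an added example (not Binance Pay's sample code, which did not survive on this page). The payload layout, the PKCS#1 v1.5 padding, the `maxSkewMs` freshness window and the function names are assumptions; the key pair, nonce and body in `demo` are constructed.

```javascript
const crypto = require('node:crypto');

// Assumed layout: timestamp, nonce and raw body, each followed by LF (0x0A).
function buildPayload(timestamp, nonce, rawBody) {
  return `${timestamp}\n${nonce}\n${rawBody}\n`;
}

// headers: lower-cased header names, as Node's http module delivers them.
// rawBody: the body string exactly as received, before any JSON parsing.
// maxSkewMs: hypothetical freshness window; the page does not define one.
function verifyWebhook(headers, rawBody, publicKeyPem, now = Date.now(), maxSkewMs = 300000) {
  const timestamp = headers['binancepay-timestamp'];
  const nonce = headers['binancepay-nonce'];
  const signatureB64 = headers['binancepay-signature'];
  if (![timestamp, nonce, signatureB64].every((v) => typeof v === 'string')) return false;
  if (nonce.length !== 32 || !/^\d+$/.test(timestamp)) return false;
  if (Math.abs(now - Number(timestamp)) > maxSkewMs) return false;
  const signature = Buffer.from(signatureB64, 'base64'); // Base64 decode step
  const payload = Buffer.from(buildPayload(timestamp, nonce, rawBody), 'utf8');
  try {
    // SHA256 digest; RSA PKCS#1 v1.5 padding is Node's default and assumed here.
    return crypto.verify('sha256', payload, publicKeyPem, signature);
  } catch {
    return false; // malformed key or signature is treated as a failed check
  }
}

// Constructed demo: a throwaway key pair stands in for the Binance Pay key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const now = 1700000000000;
  const body = '{"sample":"constructed body"}';
  const headers = {
    'binancepay-timestamp': String(now),
    'binancepay-nonce': 'abcdefghijklmnopqrstuvwxyzABCDEF',
  };
  const signed = Buffer.from(buildPayload(String(now), headers['binancepay-nonce'], body), 'utf8');
  headers['binancepay-signature'] = crypto.sign('sha256', signed, privateKey).toString('base64');
  return {
    genuine: verifyWebhook(headers, body, pem, now),
    tamperedBody: verifyWebhook(headers, body + ' ', pem, now),
    stale: verifyWebhook(headers, body, pem, now + 3600000),
  };
}
```

Verification runs over the raw request bytes: parsing the JSON and re-serializing it before the check can change whitespace or key order and make a genuine notification fail.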