交易和退款结果通知
测试环境
https://xyf-server-test.postar.cn
测试环境
https://xyf-server-test.postar.cn
POST
/服务商的异步通知地址
使用场景:商户、ISV、应用开发者
简介
"rspCod" 和 "rspMsg" 字段。注意:返回的是对象,非字符串,rspMsg必须是一级参数。示例:
{"rspCod":"","rspMsg":"success"}。10s → 15s → 30s → 1m → 5m → 10m → 30m → 1h → 1h → 3h重要:商户在成功接收通知后,必须在响应中返回
"rspMsg":"success",否则平台会持续重试直至耗尽 10 次机会。由于网络异常、系统波动等原因,可能会存在用户支付成功、但是商户侧未能成功接收到支付结果异步通知的情况。这将会导致商户获取不到支付结果、用户订单显示为未支付,用户体验差且易造成客诉。
为杜绝以上问题,需要商户同时接入支付结果异步通知与订单查询接口。当商户侧未收到支付结果异步通知时,必须调用 /yyfsevr/order/orderQuery(订单查询接口)查询订单的支付结果。
使用说明
一、基本规则
1.
2.
3.
二、环境差异说明
测试环境
生产环境
三、配置与推送示例
测试环境示例
https://www.postar.cn/notifyhttps://pay.postar.cn/notify1https://pay.postar.cn/notify2场景1:默认地址为空,多地址列表为空
场景2:默认地址为 https://www.postar.cn/notify,多地址列表为空
https://www.postar.cn/notifyhttps://www.postar.cn/notify → 推送至 https://www.postar.cn/notifyhttps://pay.postar.cn/notify1)→ 仍推送至 https://www.postar.cn/notify场景3:默认地址为 https://www.postar.cn/notify,多地址列表包含 https://pay.postar.cn/notify1、https://pay.postar.cn/notify2
https://www.postar.cn/notifyhttps://www.postar.cn/notify → 推送至 https://www.postar.cn/notifyhttps://pay.postar.cn/notify1 → 推送至 https://pay.postar.cn/notify1https://pay.postar.cn/notify2 → 推送至 https://pay.postar.cn/notify2https://pay.postar.cn/notify3)→ 推送至 https://www.postar.cn/notify生产环境示例(普通地址)
https://www.postar.cn/notify → http://192.168.130.163:8009/yyfToIsvcs/notifyhttps://pay.postar.cn/notify1 → http://192.168.130.163:8009/yyfToIsvcspay/notify1https://pay.postar.cn/notify2 → http://192.168.130.163:8009/yyfToIsvcspay/notify2场景1:默认地址为空,多地址列表为空
场景2:默认地址为 http://192.168.130.163:8009/yyfToIsvcs/notify,多地址列表为空
https://www.postar.cn/notify。场景3:默认地址为 http://192.168.130.163:8009/yyfToIsvcs/notify,多地址列表包含 http://192.168.130.163:8009/yyfToIsvcspay/notify1、http://192.168.130.163:8009/yyfToIsvcspay/notify2
https://www.postar.cn/notifyhttps://www.postar.cn/notify、https://pay.postar.cn/notify1 等)→ 因与多地址列表不匹配,推送至 https://www.postar.cn/notifyhttp://192.168.130.163:8009/yyfToIsvcspay/notify1 → 推送至 https://pay.postar.cn/notify1http://192.168.130.163:8009/yyfToIsvcspay/notify2 → 推送至 https://pay.postar.cn/notify2四、动态异步通知地址配置
https://www.postar.cn/notify/20260318101800https://www.postar.cn/notify/20260318101801生产环境动态地址示例
https://www.postar.cn/notify → http://192.168.130.163:8009/yyfToIsvcs/notify(固定地址)https://pay.postar.cn/ → http://192.168.130.163:8009/yyfToIsvcspay/(动态地址,前缀匹配)https://cust.postar.cn/notify → http://192.168.130.163:8009/yyfToIsvcscust/notify(固定地址)场景1:默认地址为空,多地址列表为空
场景2:默认地址为 http://192.168.130.163:8009/yyfToIsvcs/notify,多地址列表为空
https://www.postar.cn/notify。场景3:默认地址为 http://192.168.130.163:8009/yyfToIsvcs/notify,多地址列表包含 http://192.168.130.163:8009/yyfToIsvcspay/、http://192.168.130.163:8009/yyfToIsvcscust/notify
https://www.postar.cn/notifyhttps://www.postar.cn/notify、https://pay.postar.cn/notify1、https://cust.postar.cn/notify/xxx 等)→ 因与多地址列表(映射后地址)不匹配,推送至默认地址http://192.168.130.163:8009/yyfToIsvcspay/notify1 → 推送至 https://pay.postar.cn/notify1(匹配前缀 http://192.168.130.163:8009/yyfToIsvcspay/)http://192.168.130.163:8009/yyfToIsvcspay/notify2 → 推送至 https://pay.postar.cn/notify2http://192.168.130.163:8009/yyfToIsvcspay/notify/20260318101800 → 推送至 https://pay.postar.cn/notify/20260318101800(动态部分任意)http://192.168.130.163:8009/yyfToIsvcscust/notify → 推送至 https://cust.postar.cn/notify五、总结
异步返回结果验签
注意:以下�示例报文仅供参考,实际返回的详细报文请以实际返回为准。
{"WX_AGET_SUBSIDY":"0","CUST_ID":"60000012628620","AGET_CUST_ID":"61000000582957","MEDIATYPE":"","POS_VOUCHERNO":"hi9njr","THREE_ORDER_NO":"2511042491723721","sign":"YZBvY7CN18RPi6wX/UeAhOO+/5F/zjgVRGbgfUoShnUui3xweD8TxPwT07+rYoz8q9XpsdQ7jTLBibK2rIevb6ojaq5FJcgbZke/IGOIJjLiEviQ7dGiU9xBQ3SUVyPEibxVHlMfzbo7PlxORjF2hvNlSXIB8o8vp0pvXVN99+PGZqyyksi1PDfPDiVJZdZX4uGy+S7//NXGaJTE2669g8FMSRadsc2wdaW/flMjb0kvI8BZhjvZVN8vohaBu1aoCufyUJqwcDtpvR9o5qA9txJQfJdwaddZdvzymJAZkWLmllXr4mzgMyU5bZefGTf8Fu2ydN7h00/PyMC32HxWXg==","CARD_TYPE":"01","OLD_FEE":"0","ORDER_NO":"20251104CChi9njr","ACTUAL_PAY_AMT":"2","T_ORDER_NO":"20251104CChi9njr","AGET_ID":"61000000582957","WX_CUST_SUBSIDY":"0","TERM_FEE":"0","ORDER_STATUS":"1","POS_PAY_WAY":"","CODE_AGE_AMT":"0","DISCOUNT_FEE":"0","BANK_CODE":"CCB_DEBIT","ORD_TYPE":"","SREF_NO":"","PAY_CHANNEL":"2","REFUND_DIS_AMT":"","DISCOUNT_FLAG":"0","LIMIT_FEE":"0","DEBT_STATE":"20251104","PAY_WAY":"8","OLD_TXAMT":"2","TRAN_TYPE_SER":"01","CODE_AMT":"0","TXAMT":"2","SUB_OPEN_ID":"oBY7i5WShNImAoHaKuY6zmu-gAc8","NETR_AMT":"2","OPEN_ID":"oBY7i5WShNImAoHaKuY6zmu-gAc8","MERCH_CONTRIBUTE":"0","CUST_AMT":"0","TRADING_IP":"39.144.92.50","MERCID":"856342004348074","CUST_FEE":"0","USTLDAT":"20251104","T_PAY_NO":"4200002861202511042403075191","ORDER_TIME":"20251104155010","OLD_ORDER_NO":"","BANK_NAME":"建设银行(借记卡)"}
第二步:将剩下参数进行字典排序,组成字符串,得到拼接串:
ACTUAL_PAY_AMT=2&AGET_CUST_ID=61000000582957&AGET_ID=61000000582957&BANK_CODE=CCB_DEBIT&BANK_NAME=建设银行(借记卡)&CARD_TYPE=01&CODE_AGE_AMT=0&CODE_AMT=0&CUST_AMT=0&CUST_FEE=0&CUST_ID=60000012628620&DEBT_STATE=20251104&DISCOUNT_FEE=0&DISCOUNT_FLAG=0&LIMIT_FEE=0&MEDIATYPE=&MERCH_CONTRIBUTE=0&MERCID=856342004348074&NETR_AMT=2&OLD_FEE=0&OLD_ORDER_NO=&OLD_TXAMT=2&OPEN_ID=oBY7i5WShNImAoHaKuY6zmu-gAc8&ORDER_NO=20251104CChi9njr&ORDER_STATUS=1&ORDER_TIME=20251104155010&ORD_TYPE=&PAY_CHANNEL=2&PAY_WAY=8&POS_PAY_WAY=&POS_VOUCHERNO=hi9njr&REFUND_DIS_AMT=&SREF_NO=&SUB_OPEN_ID=oBY7i5WShNImAoHaKuY6zmu-gAc8&TERM_FEE=0&THREE_ORDER_NO=2511042491723721&TRADING_IP=39.144.92.50&TRAN_TYPE_SER=01&TXAMT=2&T_ORDER_NO=20251104CChi9njr&T_PAY_NO=4200002861202511042403075191&USTLDAT=20251104&WX_AGET_SUBSIDY=0&WX_CUST_SUBSIDY=0
d8727d96bbb4bae07f5caef4d56c6c79b1d3e079c00bb55df8284cadd0351829
第五步:将字符串1和字符串2进行比较,相同即为验签通过,反之验签失败。
验签demo
1.
展开查看完整demo
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.TypeReference;
import lombok.extern.log4j.Log4j2;
import org.apache.commons.lang3.ArrayUtils;
import sun.misc.BASE64Decoder;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.TreeMap;
/**
* 公钥解签
*/
@Log4j2
public class RUtil {
/**
* 验证sign
* plainText 返回数据报文
* publicKey 公钥
* @return
*/
public static boolean checkSign(String plainText,String publicKey) throws Exception {
TreeMap<String ,Object> map = JSONObject.parseObject(plainText, new TypeReference<TreeMap<String, Object>>(){});
System.out.println(JSONObject.toJSONString(map));
StringBuilder sb = new StringBuilder();
String sign = "";
for (String key : map.keySet()){
if("sign".equals(key)){
sign =(String) map.get(key);
continue;
}
if (map.get(key) != null) {
sb.append(key).append("=").append(map.get(key)).append("&");
}
}
String res = sb.substring(0,sb.lastIndexOf("&"));
log.info("拼接字符串:"+res);
String sha256 = SHA256.getSHA256(res);
log.info("拼接串的SHA256:"+sha256);
String decodeSha256 = decrypt(publicKey,sign);
log.info("sign解密的SHA256:"+decodeSha256);
return sha256.equals(decodeSha256);
}
/**
* 公钥解密过程
*
* @param key 公钥
* @param data 密文数据
* @return 明文
* @throws Exception 解密过程中的异常信息
*/
public static String decrypt(String key, String data) throws Exception {
if (key == null) {
throw new Exception("解密公钥为空, 请设置");
}
PublicKey publicKey = getPublicKey(key);
byte[] cipherData = Base64Util.decode(data);
Cipher cipher = null;
try {
// 使用默认RSA
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] buf = (byte[]) null;
for (int i = 0; i < cipherData.length; i += 256) {
byte[] doFinal = cipher.doFinal(ArrayUtils.subarray(cipherData, i, i + 256));
if(buf == null) {
buf = doFinal;
} else {
buf = addBytes(buf,doFinal);
}
}
return new String(buf);
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此解密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (InvalidKeyException e) {
throw new Exception("解密公钥非法,请检查");
} catch (IllegalBlockSizeException e) {
throw new Exception("密文长度非法");
} catch (BadPaddingException e) {
throw new Exception("密文数据已损坏");
}
}
/**
* 数组拼接
* @param data1 数组1
* @param data2 数组2
* @return
*/
public static byte[] addBytes(byte[] data1, byte[] data2) {
byte[] data3 = new byte[data1.length + data2.length];
System.arraycopy(data1, 0, data3, 0, data1.length);
System.arraycopy(data2, 0, data3, data1.length, data2.length);
return data3;
}
/**
* 得到公钥
*
* @param key 密钥字符串(经过base64编码)
* @throws Exception
*/
public static PublicKey getPublicKey(String key) throws Exception {
byte[] keyBytes;
keyBytes = new BASE64Decoder().decodeBuffer(key);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(keySpec);
return publicKey;
}
}
其中用到的工具类Base64Util:
public class Base64Util {
private static final char[] base64EncodeChars = new char[] { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/' };
private static byte[] base64DecodeChars = new byte[] { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1 };
private Base64Util() {}
/**
* 将字节数组编码为字符串
*
* @param data
*/
public static String encode(byte[] data) {
StringBuffer sb = new StringBuffer();
int len = data.length;
int i = 0;
int b1, b2, b3;
while (i < len) {
b1 = data[i++] & 0xff;
if (i == len) {
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[(b1 & 0x3) << 4]);
sb.append("==");
break;
}
b2 = data[i++] & 0xff;
if (i == len) {
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[(b2 & 0x0f) << 2]);
sb.append("=");
break;
}
b3 = data[i++] & 0xff;
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[((b2 & 0x0f) << 2) | ((b3 & 0xc0) >>> 6)]);
sb.append(base64EncodeChars[b3 & 0x3f]);
}
return sb.toString();
}
/**
* 将base64字符串解码为字节数组
*
* @param str
*/
public static byte[] decode(String str) throws Exception{
byte[] data = str.getBytes("GBK");
int len = data.length;
ByteArrayOutputStream buf = new ByteArrayOutputStream(len);
int i = 0;
int b1, b2, b3, b4;
while (i < len) {
/* b1 */
do {
b1 = base64DecodeChars[data[i++]];
} while (i < len && b1 == -1);
if (b1 == -1) {
break;
}
/* b2 */
do {
b2 = base64DecodeChars[data[i++]];
} while (i < len && b2 == -1);
if (b2 == -1) {
break;
}
buf.write((int) ((b1 << 2) | ((b2 & 0x30) >>> 4)));
/* b3 */
do {
b3 = data[i++];
if (b3 == 61) {
return buf.toByteArray();
}
b3 = base64DecodeChars[b3];
} while (i < len && b3 == -1);
if (b3 == -1) {
break;
}
buf.write((int) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));
/* b4 */
do {
b4 = data[i++];
if (b4 == 61) {
return buf.toByteArray();
}
b4 = base64DecodeChars[b4];
} while (i < len && b4 == -1);
if (b4 == -1) {
break;
}
buf.write((int) (((b3 & 0x03) << 6) | b4));
}
return buf.toByteArray();
}
}
SHA256.java
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class SHA256 {
/**
* 利用java原生的类实现SHA256加密
*
* @param str 加密后的报文
* @return
*/
public static String getSHA256(String str) {
MessageDigest messageDigest;
String encodestr = "";
try {
messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(str.getBytes("UTF-8"));
encodestr = byte2Hex(messageDigest.digest());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return encodestr;
}
/**
* 将byte转为16进制
*
* @param bytes
* @return
*/
private static String byte2Hex(byte[] bytes) {
StringBuffer stringBuffer = new StringBuffer();
String temp = null;
for (int i = 0; i < bytes.length; i++) {
temp = Integer.toHexString(bytes[i] & 0xFF);
if (temp.length() == 1) {
stringBuffer.append("0");
}
stringBuffer.append(temp);
}
return stringBuffer.toString();
}
} 收不到异步通知排查方案
1.
所有地址(包括默认地址和多地址列表中的地址)必须提前向运营报备,可向运营咨询目前的通知地址配置。
2.
3.
异步通知地址必须外网可正常访问(生产环境映射地址由星驿付内部网络访问,商户侧无需关心其外网可达性,但商户的原始地址必须能接收来自星驿付服务器的回调)。
4.
若商户的异步通知地址设有IP白名单、HTTP Basic认证等访问控制,需确保星驿付服务器IP在允许范围内,或临时关闭校验进行测试。
请求参数
Header 参数
Body 参数application/json
返回响应
请求示例请求示例
Java
Shell
C#
PHP
响应示例响应示例
200 - 成功 - 示例 1
{
"rspCod": "000000",
"rspMsg": "success"
}修改于 2026-04-01 01:26:45