环境与访问方式Environment & access
| 项目Item |
说明Description |
| 测试环境网关Test (UAT) gateway |
http://open.saferoute.global:16000(文档中下记为 {BASE} 时,测试联调请替换为此地址)http://open.saferoute.global:16000 — use this as {BASE} for UAT. |
| 生产环境网关Production gateway |
由运营人员通过邮件单独发送,请勿使用测试地址上线。The production base URL is sent by operations via email; do not use the UAT host in production. |
| 请求方法HTTP method |
统一 POSTAlways POST |
| 路径格式Path pattern |
{BASE}/api/route + 接口相对路径(见下表){BASE}/api/route + relative path (see table below) |
| 幂等Idempotency |
相同 X-App-Id 与 X-Request-no 可能返回首次结果Same X-App-Id + X-Request-no may return the first outcome |
商户在开放平台完成开户后获得 X-App-Id、RSA 密钥材料、是否 IP 白名单等。路由与权限由平台后台配置。After onboarding you receive X-App-Id, RSA key material, optional IP allowlists, etc. Routes and permissions are configured in the platform console.
请求约定Request conventions
HTTP 头(必填)Required HTTP headers
| 头名称Header |
说明Description |
X-App-Id | 应用标识;与报文中 memberId(若上传)须一致App id; must match memberId in body when present |
X-Sign | RSA-SHA256 签名,Base64RSA-SHA256 signature, Base64 |
X-Timestamp | 毫秒时间戳,与网关偏差建议 1 分钟内Millis timestamp; keep within ~1 minute of gateway time |
X-Nonce | 随机串,防重放Random nonce, replay protection |
X-Request-no | 请求流水号,建议全局唯一Request id; should be globally unique |
Content-Type: application/json
请求体Request body
外层固定为密文包装:Outer envelope is always encrypted:
{ "data": "<RSA ciphertext Base64>" }
明文为各接口业务 JSON(UTF-8),使用平台下发的加密公钥加密。签名字符串:Plaintext is per-API business JSON (UTF-8), encrypted with the platform encryption public key. Sign string:
X-App-Id + ";" + X-Timestamp + ";" + X-Nonce + ";POST;" + plaintext JSON
使用商户签名私钥签名;网关用平台验签公钥校验。密钥命名以运营说明为准。Sign with the merchant signing private key; the gateway verifies with the platform public key. Key naming follows operations’ guide.
响应体Response body
{
"code": "0000",
"message": "Success",
"data": "<RSA ciphertext Base64>"
}
使用商户解密私钥解密 data。内层常见字段:Decrypt data with the merchant private key. Inner fields often include:
| 字段Field |
说明Description |
code | 业务状态码;成功多为 "200"(与外层不同,以联调为准)Business code; success often "200" (differs from outer layer; confirm in UAT) |
msg / message | 提示信息Message text |
data | 业务载荷;下文「响应说明」均指该字段结构Payload; “Response” below means this inner data |
响应头可能含 X-Sign、X-Timestamp、X-Nonce,验签规则以运营细则为准。Response may include X-Sign, X-Timestamp, X-Nonce; verify per operations’ rules.
收单类开放接口(7 个)Acquire APIs (7)
以下路径接在 {BASE}/api/route 之后。若环境配置了版本或前缀,以运营确认为准。Append these paths after {BASE}/api/route. Version or prefix overrides follow operations.
| # |
说明Summary |
路径Path |
| 1 | 查询可充值链路、币种等信息Deposit chains & currencies | /orderApi/getDepositInfo |
| 2 | 创建收单订单Create payment order | /orderApi/createPaymentOrder |
| 3 | 收单订单分页列表Paged order list | /orderApi/queryAcquireOrderList |
| 4 | 收单订单详情Order detail | /orderApi/queryAcquireOrder |
| 5 | 创建退款Create refund | /orderApi/createRefundOrder |
| 6 | 查询退款进度Query refund | /orderApi/queryRefundOrder |
| 7 | 更新收单支付信息(换链/换币种等)Update pay info (chain/currency) | /orderApi/updatePayInfo |
示例(占位):Example (placeholder): POST {BASE}/api/route/orderApi/createPaymentOrder
测试环境完整示例:UAT full URL example: POST http://open.saferoute.global:16000/api/route/orderApi/createPaymentOrder
查询链路 / 币种 — getDepositInfoChains & tokens — getDepositInfo
POST …/orderApi/getDepositInfo
请求明文Request plaintext
| 字段Field |
类型Type |
必填Required |
说明Description |
memberId | String |
视环境Env-dependent |
是否必填以联调及运营说明为准Confirm required or not in UAT / with operations |
响应 data(数组)Response data (array)
链路列表元素字段:Each chain item includes: chainName, regular, chainId, coinTokenModels.
coinTokenModels
| 字段Field |
类型Type |
说明Description |
coinSymsbol | String | 币种符号(字段名以实际 JSON 为准)Symbol (field name as in actual JSON) |
showName | String | 展示名称Display name |
tokenBaseName | String | 基础名称Base name |
currencyId | String | 报价币种 IDQuote currency id |
checkCount | Integer | 链上确认数要求Required on-chain confirmations |
创建收单订单 — createPaymentOrderCreate order — createPaymentOrder
POST …/orderApi/createPaymentOrder
请求明文Request plaintext
| 字段Field |
类型Type |
必填Req |
说明Description |
memberId | String | 是Yes | 与 X-App-Id 一致Same as X-App-Id |
memberOrderNo | String | 是Yes | 商户订单号,建议唯一Merchant order no.; should be unique |
chainId | Integer | 是Yes | 链路 IDChain id |
description | String | 是Yes | 订单描述Order description |
currencyId | Integer | 是Yes | 报价币种 IDQuote currency id |
quoteAmount | String | 是Yes | 报价金额Quoted amount |
memberNotifyUrl | String | 是Yes | 订单状态异步通知 HTTPS 地址HTTPS URL for async order status |
响应 dataResponse data
| 字段Field |
类型Type |
说明Description |
memberOrderNo | String | 商户订单号Merchant order number |
outTradeNo | String | 平台收单订单号Platform acquire order id |
chainId | Integer | 链路 IDChain id |
description | String | 描述Description |
userWalletAddress | String | 收款地址(展示给用户)Deposit address (show to payer) |
expiredTime | String | 过期时间(格式以联调为准)Expiry time (format per UAT) |
收单订单列表 — queryAcquireOrderListOrder list — queryAcquireOrderList
POST …/orderApi/queryAcquireOrderList
商户范围由网关根据 X-App-Id 识别,请求体一般无需再传 memberId。Merchant scope comes from X-App-Id; you usually omit memberId in the body.
请求明文Request plaintext
| 字段Field |
类型Type |
必填Req |
说明Description |
paymentStatus | Integer | 否No | 支付状态筛选Filter by payment status |
orderStartTime | String | 否No | 开始时间Start time |
orderEndTime | String | 否No | 结束时间End time |
current | Long | 是Yes | 当前页Current page |
size | Long | 是Yes | 每页条数Page size |
响应 data(分页)Response data (page)
| 字段Field |
类型Type |
说明Description |
total | Long | 总记录数Total rows |
totalPage | Long | 总页数Total pages |
current | Long | 当前页Current page |
size | Long | 每页条数Page size |
rows | Array | 订单摘要列表Order summary rows |
rows 单项rows item
| 字段Field |
说明Description |
memberOrderNo | 商户订单号Merchant order number |
outTradeNo | 平台收单订单号Platform acquire order id |
chainId | 链路 IDChain id |
paymentStatus | 0 已支付;1 待支付;2 确认中;3 部分支付;4 失败;5 已退款;6 退款中;7 待退款失败;8 入帐中;9 已关闭0 paid; 1 pending; 2 confirming; 3 partial; 4 failed; 5 refunded; 6 refunding; 7 refund pending fail; 8 crediting; 9 closed |
fromAddress | 付款地址(若有)Payer address if present |
orderStartTime | 订单创建时间Order created time |
orderEndTime | 订单结束/过期时间Order end / expiry time |
收单订单详情 — queryAcquireOrderOrder detail — queryAcquireOrder
POST …/orderApi/queryAcquireOrder
请求明文Request plaintext
| 字段Field |
类型Type |
必填Req |
memberOrderNo | String | 是Yes |
响应 data 字段Response data fields
| 字段Field |
类型Type |
说明Description |
chainId | Integer | 链路 IDChain id |
memberOrderNo | String | 商户订单号Merchant order number |
quoteAmount | String | 订单报价金额Quoted order amount |
quoteCurrencySymbol | String | 报价币种符号(法币或数币,大写)Quote currency symbol (fiat or crypto, upper case) |
orderEndTime | String | 订单有效期/过期时间Order validity / expiry |
paymentTime | String | 支付时间(未支付可能为空)Paid time (empty if unpaid) |
paymentStatus | Integer | 含义同订单列表中的 paymentStatusSame semantics as list paymentStatus |
fromAddress | String | 付款地址(可能为空,以联调为准)Payer address (may be empty; confirm in UAT) |
paymentResult | Object | 支付结果明细,见下表Payment breakdown; see table below |
refundInfo | Object | 退款信息(无退款时子字段可能为空),见下表Refund info; subfields may be empty; see below |
paymentResult
| 字段Field |
类型Type |
说明Description |
paymentAmt | String | 实付金额Paid amount |
paymentFee | String | 收单手续费Acquire fee |
paymentCcy | String | 支付币种Payment currency |
exchangeRate | String | 汇率(若有)FX rate if applicable |
refundInfo
| 字段Field |
类型Type |
说明Description |
refundTime | String | 退款时间Refund time |
refundHash | String | 退款链上哈希On-chain refund tx hash |
refundAmt | String | 退款金额Refund amount |
refundFee | String | 退款手续费Refund fee |
refundCcy | String | 退款币种Refund currency |
transferAddress | String | 退款收款地址Refund recipient address |
创建退款 — createRefundOrderCreate refund — createRefundOrder
POST …/orderApi/createRefundOrder
请求明文Request plaintext
| 字段Field |
类型Type |
必填Req |
说明Description |
memberId | String | 是Yes | 与 X-App-Id 一致Same as X-App-Id |
memberOrderNo | String | 是Yes | 原收单商户订单号Original merchant order number |
refundAmount | String | 是Yes | 退款金额Refund amount |
refundCallbackUrl | String | 是Yes | 退款结果异步通知 HTTPSHTTPS URL for async refund result |
响应 dataResponse data
| 字段Field |
类型Type |
说明Description |
refundOrderNo | String | 平台退款单号(查询与对账请保存)Platform refund id — store for queries & reconciliation |
refundStatus | Integer | 0 成功;1 退款中;4 失败;5 审核驳回(以联调为准)0 success; 1 processing; 4 failed; 5 rejected (confirm in UAT) |
refundAmount | Number | 预计到账退款金额Expected refund amount credited |
refundFee | Number | 手续费Fee |
refundSymbol | String | 退款币种符号Refund currency symbol |
refundRemark | String | 备注/说明Remark / note |
toAddress | String | 退款目标地址Destination address for refund |
查询退款 — queryRefundOrderQuery refund — queryRefundOrder
POST …/orderApi/queryRefundOrder
请求明文Request plaintext
| 字段Field |
类型Type |
必填Req |
memberId | String | 是Yes |
refundOrderNo | String | 是Yes |
响应 data 字段Response data fields
| 字段Field |
类型Type |
说明Description |
memberOrderNo | String | 商户订单号Merchant order number |
outTradeNo | String | 平台收单订单号Platform acquire order id |
refundOrderNo | String | 退款单号Refund order number |
refundStatus | Integer | 退款状态,含义同创建退款接口Refund status; same as create-refund response |
refundFailReason | String | 失败原因(失败/驳回时有值)Failure reason when failed or rejected |
refundAmount | String | 退款金额Refund amount |
refundFee | String | 手续费Fee |
refundTime | String | 退款发起时间Refund initiated time |
refundCompleteTime | String | 退款完成时间Refund completed time |
transferHash | String | 退款交易哈希On-chain transfer / refund hash |
更新收单支付信息 — updatePayInfoUpdate pay info — updatePayInfo
POST …/orderApi/updatePayInfo
请求明文Request plaintext
| 字段Field |
类型Type |
必填Req |
说明Description |
memberId | String | 是Yes | 与 X-App-Id 一致Same as X-App-Id |
chainId | Integer | 是Yes | 新链路 IDNew chain id |
currencyId | int | 是Yes | 新报价币种 IDNew quote currency id |
memberOrderNo | String | 是Yes | 商户订单号Merchant order number |
响应 dataResponse data
| 字段Field |
类型Type |
说明Description |
userWalletAddress | String | 更新后的收款子合约/钱包地址Updated deposit sub-wallet / contract address |
saltHash | String | 子合约校验用盐值哈希(与通知、链上校验配套,以联调为准)Salt hash for sub-contract checks (see UAT / notifications) |
异步通知(商户服务端)Webhooks (merchant server)
收单订单状态 — memberNotifyUrlOrder status — memberNotifyUrl
订单状态变更后 POST JSON,常见字段包括:memberOrderNo、outTradeNo、chainId、description、quoteCurrencySymbol、quoteAmount、userWalletAddress、saltHash、paymentStatus、时间字段、支付金额/手续费/币种、remark,以及退款相关字段(有则返回)。On status change, platform POSTs JSON. Typical fields: memberOrderNo, outTradeNo, chainId, description, quoteCurrencySymbol, quoteAmount, userWalletAddress, saltHash, paymentStatus, timestamps, paid amount/fee/currency, remark, and refund fields when applicable.
回执: HTTP Body 建议返回 JSON,且 code 整型为 200 表示接收成功,否则平台可能重试。Ack: Respond with JSON whose integer code is 200 for success; otherwise retries may occur.
退款结果 — refundCallbackUrlRefund result — refundCallbackUrl
常见字段:refundOrderNo、memberOrderNo、outTradeNo、refundAmount、refundSymbol、amountFee、toAddress、refundStatus、refundRemark、refundHash。成功回执约定同上。Typical fields: refundOrderNo, memberOrderNo, outTradeNo, refundAmount, refundSymbol, amountFee, toAddress, refundStatus, refundRemark, refundHash. Same ack rules as above.
安全与联调清单Security & UAT checklist
- 密钥勿入仓库;生产与测试密钥分离。Never commit keys; separate prod and test secrets.
- 仅调用本文档列出的开放路径。Call only documented open paths.
- 时间戳、随机串、流水号与 HTTPS 通知按规范实现。Implement timestamps, nonce, request id, and HTTPS webhooks per spec.
商户侧检查清单Merchant checklist
- 已获得
X-App-Id 与 RSA 密钥材料Received X-App-Id and RSA key material
- 已实现请求加密、签名及响应解密、验签Request encrypt/sign and response decrypt/verify implemented
- 已在测试环境验证 7 个接口All seven APIs verified in test
- 已实现异步通知并按约定返回成功标识Webhooks implemented with correct success marker
- 已确认幂等与时间戳窗口策略Idempotency and timestamp window agreed