Security Requirements and Message Format
This section aims to explain the signature mechanism and message content used between the integrating party's system and EVO Payment when starting API integration.
Message Protocol
Communication must comply with the HTTP protocol.
Message Content
According to the HTTP protocol, the message content should be divided into two separate parts: HTTP request/response Header and HTTP request/response Body.
Request/Response Header
The request/response Header should include the following parameters:
| Header Parameter | Description |
|---|---|
| Authorization | Signature |
| Content-Type | Fixed value: application/json |
| MsgID | Message ID. It is recommended to use UUID, e.g., 2d21a5715c034efb7e0aa383b885fc7a, with a length not exceeding 32 characters. |
| DateTime | Time the message is sent. Request time format: YYYYMMDDhhmmss+hh00, e.g., 20210618115532+0800. |
| SignType | Method of signing the message, e.g., SHA256, SHA512, or SM2. |
Request/Response Body
For detailed information about the request/response Body, please refer to the respective API specifications. The request/response Body must be in JSON format and follow UTF-8 encoding.
