米大师pay接口90009 mp_sig error 错误
发布于 5 年前 作者 shaoyan 5901 次浏览 来自 问答

调用接口出错:https://api.weixin.qq.com/cgi-bin/midas/sandbox/pay?access_token=ACCESS_TOKEN

出错代码:

{ errcode: 90009,

  errmsg: ‘mp_sig error hint: [x0kHWa08621092]’ }

第一:已经根据

https://developers.weixin.qq.com/minigame/dev/tutorial/open-ability/midas-signature.html

对自己的签名方法进行了测试,结果正确。

---------check the nodejs crypt sha256 sign method with digest (‘hex’)

the target is :1ad64e8dcb2ec1dc486b7fdf01f4a15159fc623dc3422470e51cf6870734726b

the sig result:1ad64e8dcb2ec1dc486b7fdf01f4a15159fc623dc3422470e51cf6870734726b

---------the sha256 digest with (‘hex’) sig check is success!

---------check the nodejs crypt sha256 sign method with digest (‘hex’)

the target is :ff4c5bb39dea1002a8f03be0438724e1a8bcea5ebce8f221f9b9fea3bcf3bf76

mp_sig  result:ff4c5bb39dea1002a8f03be0438724e1a8bcea5ebce8f221f9b9fea3bcf3bf76

---------the sha256 digest with (‘hex’) mp_sig check is success!

第二:测试pay接口有几个疑问。

1、post options的参数是否设置正确?

const post_sandbox_options = {

hostname: api.weixin.qq.com,

port: 443,

path: ‘/cgi-bin/midas/sandbox/pay?access_token=’ + access_token,

method: ‘POST’,

headers: {

‘Content-Type’:‘application/json’,

‘Content-Length’:post_sandbox_body.length,

}

};

2、post的body数据,是不是要包含access_token?

{“access_token”:“17_4uVhw70eDY0NwVVt1yXw8tbPPgmfDc-Z6mmiM_-DyCFo6vLhRiy8PRF1r_nbNfqNhfqj3uoc3qpjoErDqLSQ3elElITaaYyk03K3Yfe_2Xj-GoZpDx6bWamVhEUOIOZzRpwyImBaKUcutsmSIGNdAFAXVC”,

“amt”:10,

“appid”:“wxf1453401f1893750”,

“bill_no”:“angus123”,

“offer_id”:“1450019397”,

“openid”:“otyb-4_WbtJc0W6va70J8sbMWGps”,

“pf”:“android”,

“ts”:1548338038,

“zone_id”:“1”,

“sig”:“795a63ba873783438aeca33790f05f3b2de7e16fa4a23fd33131d48e2402fef9”,

“mp_sig”:“657ea92d78a53e5d3dfca18d3b7190fed0c154182bdd14755d70ced92283d665”

}

3、post的url路径是不是正确

https://api.weixin.qq.com/cgi-bin/midas/sandbox/pay?access_token=17_4uVhw70eDY0NwVVt1yXw8tbPPgmfDc-Z6mmiM_-DyCFo6vLhRiy8PRF1r_nbNfqNhfqj3uoc3qpjoErDqLSQ3elElITaaYyk03K3Yfe_2Xj-GoZpDx6bWamVhEUOIOZzRpwyImBaKUcutsmSIGNdAFAXVC

这里卡了一天了,请帮忙看一下。

谢谢!

2 回复

感谢回复。

我这里有个问题。

1、就是post optionis写的对吗?

2、access_token是不是要放在post的body里面。

谢谢!

python -c "
import hashlib;
import hmac; stringSignTemp='access_token=17_BIPZjcKBH3WzDiFuWR_vHVsDKZkcm_FgRu1QSPdt2RJWgGHo_cTWz-U_Wp7BeR9uS8OplEws3i1QN-W9-tABhqvRcOsMTEYE1nA-J9GSsT0XUti-HYpwn8AsDjZa1ziO9NYK_EiYcWe-Bw23VSXjACAHEJ&amt=10&appid=wxf1453401f1893750&bill_no=Bill_123&offer_id=1450019397&openid=otyb-4_WbtJc0W6va70J8sbMWGps&pf=android&sig=8deaba5aa4bac640ac2a5c466b08263664fbdbef0bbd7c37c9e609dfba03058d&ts=1548318862171&zone_id=1&org_loc=/cgi-bin/midas/sandbox/pay?access_token=17_BIPZjcKBH3WzDiFuWR_vHVsDKZkcm_FgRu1QSPdt2RJWgGHo_cTWz-U_Wp7BeR9uS8OplEws3i1QN-W9-tABhqvRcOsMTEYE1nA-J9GSsT0XUti-HYpwn8AsDjZa1ziO9NYK_EiYcWe-Bw23VSXjACAHEJ&method=POST&session_key=HVdyVnT9FNfSvs8IxK0Jrg==';
key='HVdyVnT9FNfSvs8IxK0Jrg=='
print hmac.new(key, msg=stringSignTemp,digestmod=hashlib.sha256).hexdigest()
"

406326e0a844257ee50082bf4527e5e04456650bff95af2268760f0adcec033e

你这签名的算法应该是对的(如果上面参数排序没问题的话),那么就需要检查对应的参数是否正确,比如这里用作签名的key,也就是session_key是否最新的(每次wx.login后,都需要用code去换最新的session_key)。 如果这个参数对不上,那签名最终也会对不上。

回到顶部