跳出ping++開發中API請求異常問題

近期在作微信支付那方面的工做,因爲要在以前開發人員的基礎上進行開發,其中使用到了ping++這個第3方支付的SDK。不得不說,ping++的SDK作的挺簡單的,可是其文檔真心寫的有點坑。不過相對其餘的接入,坑少了那麼一些。
下面梳理下正常開發的流程,請點擊下面的連接付款。
能夠看到主要有5個步驟:

1. 設置 API-Key

2. SDK 驗證簽名設置

3. 發起支付請求獲取支付憑據

4. 將得到的支付憑據傳給 Client

5. 接收 Webhooks通知(開啓Live模式纔有用)

而後再看下SDK交易流程,能夠發現寫的仍是挺通俗易懂的。
我的以爲比較坑爹的是它API文檔的部分,徹底就是逗你玩的。爲何這麼說,請往下看。
官方說Ping++的API採用REST風格設計,真的是REST風格,徹底停留在CURD的階段,離後面的發展還有很長的路要走。實話說,Github API寫的還比較像REST些,而這個ping++的就不想說了。

入坑

下面咱們正式入坑,其最簡單的方式以下,使用curl進行請求:

curl https://api.pingxx.com/v1/charges \
  -u sk_test_ibbTe5jLGCi5rzfH4OqPW9KC:

官方採用Authentication Basic的方式進行驗證,通常都會過的,返回你要的數據。可是官方提供的例子真心的簡單,並且只用uncap這種方式,而咱們公司要使用的是微信公衆支付,那麼坑就出來了。當時我是這樣請求的:

c@y-pc:~$ curl https://api.pingxx.com/v1/charges   -u sk_test_ibbTe5jLGi5rzfH4OqPW9KC:   -d order_no=123456789   -d amount=100   -d app[id]=app_1Gqj58ynP0mHeX1q   -d channel=wx_pub   -d currency=cny   -d client_ip=127.0.0.1   -d subject="Your Subject"   -d body="Your Body"   -d extra='{"open_id":"xxxxx"}'
{
    "error": {
        "type": "invalid_request_error",
        "message": " 無效的參數 extra: 必須是一組鍵值對",
        "param": "extra"
    }

注意,這裏咱們將channel修改成wx_pub了,所以必須添加1個extra字段,在該字段中有1個open_id必填的玩意。結果,老是提示extra必須是1組鍵值對。很明顯,難道extra='{"open_id":"xxxxx"}不是1個鍵值對嗎,可是機器看不出來它是。

出坑

後面,咱們準備跳出這個坑,咱們去看官方給咱們提供的SDK中的例子,能夠發現app[id]這裏的id是以{"id":"xxxx"}這樣的方式存在的,而不是理解爲app[id]這樣1個字段,所以咱們換個方式進行請求:

curl https://api.pingxx.com/v1/charges   -u sk_test_ibbTe5jLGi5rzfH4OqPW9KC:   -d order_no=123456789   -d amount=100   -d app[id]=app_1Gqj58ynP0mHeX1q   -d channel=wx_pub   -d currency=cny   -d client_ip=127.0.0.1   -d subject="Your Subject"   -d body="Your Body"   -d extra[open_id]=xxxxx
{
    "id": "ch_C4O4CKXHCK48rnvn5CH8iP4G",
    "object": "charge",
    "created": 1460257030,
    "livemode": false,
    "paid": false,
    "refunded": false,
    "app": "app_1Gqj58ynP0mHeX1q",
    "channel": "wx_pub",
    "order_no": "123456789",
    "client_ip": "127.0.0.1",
    "amount": 100,
    "amount_settle": 100,
    "currency": "cny",
    "subject": "Your Subject",
    "body": "Your Body",
    "extra": {
        "open_id": "xxxxx"
    },
    "time_paid": null,
    "time_expire": 1460264230,
    "time_settle": null,
    "transaction_no": null,
    "refunds": {
        "object": "list",
        "url": "/v1/charges/ch_C4O4CKXHCK48rnvn5CH8iP4G/refunds",
        "has_more": false,
        "data": []
    },
    "amount_refunded": 0,
    "failure_code": null,
    "failure_msg": null,
    "metadata": {},
    "credential": {
        "object": "credential",
        "wx_pub": {
            "appId": "wxmbrpg8tm1k04yzbt",
            "timeStamp": 1460257030,
            "nonceStr": "25c7de13570a1b5f6d23614bdf49443d",
            "package": "prepay_id=1101000000160410rtepylz1surl5uzd",
            "signType": "MD5",
            "paySign": "10F1AACE79C0ED0E10EB4080D140F913"
        }
    },
    "description": null

這裏咱們將open_id放在extra中就成功了,這樣才能夠接收到。不得不說,這API調用徹底就是1個坑。主要是官方沒有提供明確的請求頭信息給咱們,致使咱們一直在兜圈。
因此,我不排除這文檔就是1個實習生寫的。不得不說,官方給咱們提供了1個不知名的REST的scheme,若是不是過這個坑徹底就是不知道它在弄哪樣。好比jsonapi提供了這樣1種請求方式,預計若是不說明,你也看不懂它寫的是什麼:

GET /posts?include=author&sort[posts]=-created,title&sort[people]=name

下面是上述請求的響應頭信息:

c@y-pc:~$ curl https://api.pingxx.com/v1/charges   -u sk_test_ibbTe5jLGCi5rzfH4OqPW9KC:   -d order_no=123456789   -d amount=100   - app[id]=app_1Gqj58ynP0mHeX1q   -d channel=wx_pub   -d currency=cny   -d client_ip=127.0.0.1   -d subject="Your Subject"   -d body="Your Body"   -d extra[open_id]=xxxxx -v
*   Trying 121.43.74.100...
* Connected to api.pingxx.com (121.43.74.100) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*      subject: C=CN; ST=Shanghai; L=Shanghai; O=Shanghai Jianmi Network Technology Co., LTD; OU=IT; CN=api.pingxx.com
*      start date: Nov 19 00:00:00 2015 GMT
*      expire date: Jan 17 23:59:59 2017 GMT
*      subjectAltName: api.pingxx.com matched
*      issuer: C=US; O=Symantec Corporation; OU=Symantec Trust Network; CN=Symantec Class 3 Secure Server CA - G4
*      SSL certificate verify ok.
* Server auth using Basic with user 'sk_test_ibbTe5jLGCi5rzfH4OqPW9KC'
> POST /v1/charges HTTP/1.1
> Host: api.pingxx.com
> Authorization: Basic c2tfdGVzdF9pYmJUZTVqTEdDaTVyemZINE9xUFc5S0M6
> User-Agent: curl/7.47.1
> Accept: */*
> Content-Length: 163
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 163 out of 163 bytes
< HTTP/1.1 200 OK
< Date: Sun, 10 Apr 2016 03:26:51 GMT
< Content-Type: application/json;charset=utf-8
< Content-Length: 1229
< Connection: keep-alive
< X-Powered-By: PHP/5.6.2
< Access-Control-Allow-Methods: GET, POST, HEAD, OPTIONS, DELETE
< Access-Control-Max-Age: 300
< Access-Control-Allow-Credentials: true
< Cache-Control: no-cache, no-store
< Strict-Transport-Security: max-age=31536000; includeSubDomains

咱們使用-v選項查看了其詳細的內容,甚至連TCP的3次握手過程均可以看到。
還有就是出錯信息,最好看下面的連接報錯信息。

參考文章:

https://www.pingxx.com/document/api/#api-charges