Alipay cannot be called back or verification fails after callback


First, work out which case you are in: is there no callback at all, or is the callback function entered but the verification fails and failure is returned to Alipay?

Under normal logic, a failed verification means no business processing is done to change the order status, so the order stays unpaid. To tell whether the callback is missing or the verification is failing, print the information obtained from the request inside the callback function, or save it to Redis for inspection.

One: No callback

If there is no callback, it is very likely that your notify_url cannot be reached from the external network. This happens easily during local debugging. You can use DingTalk's intranet penetration (tunneling) to expose the local service to the external network. For details, refer to the middle part of my article https://juejin.im/post/6844903742308007949.

If the callback still does not arrive when the service runs on a server, the cause is an https problem: the SSL certificate the company registered is non-standard, so Alipay does not recognize the https endpoint. To confirm, switch to http access and check whether the callback then arrives normally.

Two: Signature verification failed

Alipay's signature verification uses the SDK's own method (for the complete callback method, refer to https://juejin.im/post/6844903742308007949), as follows:

boolean signVerified = AlipaySignature.rsaCheckV1(params, alipayConfig.getAlipayPublicKey(), AlipayConfig.charset, AlipayConfig.signType); 

The parameters are: information obtained from the request (Map format), Alipay public key, encoding method, and signature method.

Since it is a method encapsulated in the SDK, it is extremely unlikely that there will be a problem, so 100% of the problem lies in the parameters. Let's talk about them one by one.

1. params: this is the information returned by Alipay. As long as Alipay returns the information to you, it is in a standard format, so the chance of an error here is very small. Some of the parameters may be null, but the verification method packaged in the SDK will filter them out. So this parameter basically will not cause a problem.

2. Encoding format and signature method: these two are generally fixed, UTF-8 and RSA2, and generally will not cause problems.

3. Alipay public key: this is the parameter most likely to go wrong. First, how it is generated: go to open.alipay.com, log in and enter My Open Platform, find Developer Center in the upper left corner --> Web & Mobile Application, find your own application and click to view its details.


Download the encryption tool according to the official document https://docs.open.alipay.com/200/105310 and generate a public key and a private key. Paste the public key here; the Alipay public key is then generated automatically, and the private key is stored locally. The Alipay public key you need for verification is the Alipay public key string in the picture above.

The problem lies in the downloaded encryption tool. The latest version, V1.4, must be used here (subject to updates on the Alipay official website).


If you use the old version, the payment can still succeed but the verification will fail!!!


You can see that there is also a signature verification function in the menu bar at the top of this tool. You can verify it here first with the public key and private key you generated.
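
To make the point about the public key parameter concrete, here is an added example (not from the original post and not the Alipay SDK's code) that models an RSA2 notification check using only the JDK: the same signed parameters verify with the signer's public key and fail with any other key or after a field is changed. The two key pairs are generated locally as stand-ins for Alipay's and the application's keys, the notification fields are constructed, and the canonicalization in signContent is an assumption about how the check content is built.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class NotifyVerifyDemo {
    // Build the string to verify: drop sign and sign_type, skip null values
    // (the page says the SDK filters these), sort by key, join k=v with '&'.
    static String signContent(Map<String, String> params) {
        StringJoiner sj = new StringJoiner("&");
        for (Map.Entry<String, String> e : new TreeMap<>(params).entrySet()) {
            String k = e.getKey();
            if (k.equals("sign") || k.equals("sign_type") || e.getValue() == null) continue;
            sj.add(k + "=" + e.getValue());
        }
        return sj.toString();
    }

    // RSA2 is SHA256withRSA over the UTF-8 bytes, with a Base64-encoded signature.
    static boolean verify(Map<String, String> params, PublicKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(signContent(params).getBytes(StandardCharsets.UTF_8));
        return s.verify(Base64.getDecoder().decode(params.get("sign")));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair platform = gen.generateKeyPair(); // stand-in for Alipay's key pair
        KeyPair app = gen.generateKeyPair();      // stand-in for the application's key pair

        // Constructed notification fields, not a real Alipay message.
        Map<String, String> params = new HashMap<>();
        params.put("out_trade_no", "ORDER-0001");
        params.put("trade_status", "TRADE_SUCCESS");
        params.put("total_amount", "9.90");
        params.put("charset", "utf-8");
        params.put("sign_type", "RSA2");

        // Sign as the platform would, so the demo has a valid signature to check.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(platform.getPrivate());
        signer.update(signContent(params).getBytes(StandardCharsets.UTF_8));
        params.put("sign", Base64.getEncoder().encodeToString(signer.sign()));

        System.out.println("platform public key:    " + verify(params, platform.getPublic()));
        System.out.println("application public key: " + verify(params, app.getPublic()));
        params.put("total_amount", "0.01"); // field altered after signing
        System.out.println("tampered amount:        " + verify(params, platform.getPublic()));
    }
}
```

If your real callback fails the same way the second line does, compare the key string in your configuration with the Alipay public key shown on the application page before looking anywhere else.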

       If there are any errors or questions above, please correct or raise them in the comment area, thank you!