Scenario: Cooperating with a traditional enterprise, user transactions are settled using their offline cashier system. Before checkout, they will interact with the API provided by us, request the coupon provided by our platform, confirm the actual amount receivable, complete the transaction, and finally Provide us with transaction order details.
Because the interface data involves some transaction amounts, etc., what should be done to ensure the legitimacy, security, etc. of the interface request.
Please refer to Alipay. . Public key private key ssl
SSL is a must, and the other thing is the security of the interface and data. Not much to say about interface verification, it is best to keep the coupon identification code unique and destroy it after use.
sign(consistent hashing) + token(login verification)