W Checkout En
    W Checkout En
    • Introduction
    • Integration Preparation
    • Quick Start
      • Integrating Order Payment
      • Refunds
      • Settlement
      • Webhook
      • Enumeration Reference Table
    • API Reference
      • auth
        • get AccessToken
      • order
        • CreateCheckoutOrder
        • CancelCheckoutOrder
        • GetCheckoutOrderInfo
        • GetCheckoutOrderList
      • refund-order
        • CreateRefundOrder
        • CancelRefundOrder
        • GetRefundOrderInfo
        • GetRefundOrderList
      • settlement
        • CreateSettlementOrder
        • CreateFiatSettlementOrder
        • CancelSettlementOrder
        • GetSettlementOrder
        • GetSettlementOrderList
      • abnormal-payment
        • GetAbnormalPaymentList
        • CreateAbnormalPaymentRefund
      • Webhook
        • WcheckoutWebhook

    Integration Preparation

    This article describes the preliminary work required before integrating the W Checkout payment function, helping you verify the functionality and ensure the integration runs smoothly.
    Register and Obtain Credentials
    Please contact the W Checkout team to complete registration.
    Obtain the following credentials:
    apiKey
    apiSecret
    signKey
    API Environment Domains
    EnvironmentAPI DomainDashboard Address
    Sandboxhttps://openapi.stg.stablelink.apphttps://www.stg.stablelink.app/login
    Productionhttps://openapi.stablelink.apphttps://www.stablelink.app/login
    Authentication Method
    1.
    Request Body Signature
    All requests must include a signature in the HTTP Header.
    Use the signKey to sign a specified string.
    Signature string construction rules:
    Example
    Signature Field Description
    HTTP Method: Uppercase letters (GET/POST/PUT/DELETE).
    Timestamp: Request initiation timestamp (milliseconds). If the timestamp differs from the server time by more than 2 minutes, the request will be rejected.
    URI: Interface path (excluding the domain).
    Query String: Unencoded query parameters (i.e., the content after ?).
    Request Body: The request body with spaces removed (JSON format string). Please place the raw body text for signing directly into the HTTP body, do not use an object. File parameters do not require signing.
    2.
    Response Signature
    Response signatures follow the same rules as request signatures. The customer is responsible for verifying the signature in the response using the same process. Verification process:
    The customer will use the same signature components (HTTP method, timestamp, URL, query string, and response body) to generate the signature string.
    The signature can be verified by comparing the generated signature with the D-Signature header in the response.
    If the signatures match, the response is valid. If they do not match, the response should be rejected.
    3.
    JAVA Authentication Example
    4.
    JS Authentication Example
    Developer Notes
    Clock Synchronization: It is recommended that client servers enable NTP to synchronize time to avoid signature verification failures.
    Idempotency: It is recommended to include a nonce or request ID in critical requests (payment, refund) to avoid replay attacks.
    Debugging Suggestions: Conduct interface debugging and signature verification in the Sandbox environment first.
    Modified at 2026-01-20 03:13:28
    Previous
    Introduction
    Next
    Integrating Order Payment
    Built with