Miniapp backend development

Your Miniapp needs a backend that integrates with the SuperQi backend to fetch the user info and authenticate the user. This backend completes the second half of the flow.

Auth Flow

Project Setup

Before sending requests to SuperQi backend, you need to have the private key submitted when creating the merchant account, as it will be used to sign requests sent to the backend.

Request Body Generation

Parameter Structure

All request bodies are generated as JSON objects containing the required parameters for each API endpoint:

  • ApplyToken: Contains grantType and authCode
  • InquiryUserInfo: Contains accessToken
  • InquiryUserCardList: Contains accessToken

Authentication and Security

1. Request Headers

Each request includes the following headers:

Content-Type: application/json; charset=UTF-8
Client-Id: your_client_id
Request-Time: 2024-01-01T12:00:00-07:00
Signature: algorithm=RSA256, keyVersion=1, signature=base64_encoded_signature

2. Signature Generation

The signature is generated using the following process:

  1. Create Sign Content:
    {HTTP_METHOD} {PATH}\n
    {CLIENT_ID}.{REQUEST_TIME}.{JSON_CONTENT}
    
  2. Hash the Content:
    • Use SHA-256 to hash the sign content
  3. Sign with RSA:
    • Use the merchant's private key to sign the hash
    • Use PKCS1v15 padding
  4. Base64 Encode:
    • Encode the signature in base64 format

Example:

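// Requires: crypto, crypto/rsa, crypto/sha256, encoding/base64, fmt
// Build the sign content: "{HTTP_METHOD} {PATH}\n{CLIENT_ID}.{REQUEST_TIME}.{JSON_CONTENT}"
signContent := fmt.Sprintf("%s %s\n%s.%s.%s",
  httpMethod, path, clientID,
  requestTime, content,
)

// Hash with SHA-256, then sign the digest with the merchant's private key (PKCS1v15 padding)
hash := sha256.Sum256([]byte(signContent))
signature, err := rsa.SignPKCS1v15(nil, privateKey, crypto.SHA256, hash[:])
if err != nil {
  return "", err // inside a function returning (string, error)
}

// Base64-encode the raw signature for the Signature header
base64Signature := base64.StdEncoding.EncodeToString(signature)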
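
Added example (not from the SuperQi documentation or its sample implementation): the signing steps above carried through to the finished Signature header value, with a matching public-key check showing that the signature covers the exact bytes of the JSON body. Assumptions: the key is a throwaway generated in-process, the path, grantType and authCode values are constructed placeholders, and VerifyHeader is a hypothetical helper that only illustrates what a verifier has to recompute.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// digest hashes "{METHOD} {PATH}\n{CLIENT_ID}.{REQUEST_TIME}.{JSON}" with SHA-256.
func digest(method, path, clientID, reqTime string, body []byte) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s %s\n%s.%s.%s", method, path, clientID, reqTime, body)))
	return sum[:]
}

// SignatureHeader signs the exact body bytes to be sent and returns the Signature header value.
func SignatureHeader(key *rsa.PrivateKey, method, path, clientID, reqTime string, body []byte) (string, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(method, path, clientID, reqTime, body))
	if err != nil {
		return "", err
	}
	return "algorithm=RSA256, keyVersion=1, signature=" + base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyHeader (hypothetical) recomputes the digest from the received values and checks it with the public key.
func VerifyHeader(pub *rsa.PublicKey, header, method, path, clientID, reqTime string, body []byte) error {
	_, b64, _ := strings.Cut(header, "signature=")
	sig, err := base64.StdEncoding.DecodeString(b64)
	if err != nil || len(sig) == 0 {
		return fmt.Errorf("malformed Signature header")
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(method, path, clientID, reqTime, body), sig)
}

var demoKey, demoKeyErr = rsa.GenerateKey(rand.Reader, 2048) // throwaway stand-in for the merchant key (assumption)

func main() {
	if demoKeyErr != nil {
		panic(demoKeyErr)
	}
	path, id, ts := "/example/applyToken", "your_client_id", "2024-01-01T12:00:00-07:00" // placeholder path
	body := []byte(`{"grantType":"EXAMPLE_GRANT","authCode":"constructed"}`)           // constructed sample
	reordered := []byte(`{"authCode":"constructed","grantType":"EXAMPLE_GRANT"}`)      // same JSON, new bytes
	h, err := SignatureHeader(demoKey, "POST", path, id, ts, body)
	check := func(b []byte) error { return VerifyHeader(&demoKey.PublicKey, h, "POST", path, id, ts, b) }
	fmt.Println("sign:", err, "| same bytes:", check(body), "| re-serialized:", check(reordered))
}
```

Serialize the body once and send those same bytes: re-marshalling the JSON after signing can change key order or whitespace, and the signature then no longer matches.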

Example

You can find a complete implementation sample here