Write before

First of all, this version is V1.3, updated on 2020.03.15. There was a payment score of v1.0 before.v1.0 and v1.3 are already quite different, so don't let me take them off the track if you're doing a good version of this.

preparation in advance

Looking at this article, I believe you have made preparations, including opening WeChat payment points, submitting relevant documents to Tencent's business and obtaining your own WeChat payment service_id

Coding

WeChat Payment Score provides more detailed documentation, and this development will also reach him. api-v3 Interface Rules

Last official document interface

WeChat Payment Subdocument Address:https://pay.weixin.qq.com/wiki/doc/apiv3/wxpay/payscore/chapter1_1.shtml

(api-v3 rule documentation:)https://wechatpay-api.gitbook.io/wechatpay-api-v3/(

Of course, this address may change later, so go to Baidu and look for it

First of all, the most important thing is to create WeChat Payment Sub-orders without going directly to the code

 1 public function zhiFen($order0no='', $ya_money=2)
 2     {
 3         $url = "https://api.mch.weixin.qq.com/v3/payscore/serviceorder";
 4         $json = [ // JSON Requestor
 5             'out_order_no' => $order0no,//Order number
 6             'appid' => '',
 7             'service_id' => '',
 8             'service_introduction' => 'Use rent for escort',
 9             'time_range' => ['start_time' => 'OnAccept'],
10             'risk_fund' => ['name' => 'DEPOSIT', 'amount' => 2],
11             'notify_url' => url('index', '', false, true),
12             'need_user_confirm' => true,
13         ];
14 
15         $arr_header[] = "Content-Type: application/json";
16         $arr_header[] = "Accept: application/json";
17         $arr_header[] = "User-Agent: " . $_SERVER['HTTP_USER_AGENT'];
18 
19         $http_method = 'POST';
20         $timestamp = time();
21         $nonce = $this->str_rand(32);
22         $body = json_encode($json, true);
23         $merchant_id = '';  //Business Number
24         $serial_no = '';       //This is the certificate number This must use a new version of the certificate
25 
26         $url_parts = parse_url($url);
27         $path = APP_PATH . 'cert/';
28         $mch_private_key = PemUtil::loadPrivateKey($path . 'apiclient_key.pem');
29 
30         $canonical_url = ($url_parts['path'] . (!empty($url_parts['query']) ? "?${url_parts['query']}" : ""));
31         $message = $http_method . "\n" .
32             $canonical_url . "\n" .
33             $timestamp . "\n" .
34             $nonce . "\n" .
35             $body . "\n";
36 
37         openssl_sign($message, $raw_sign, $mch_private_key, 'sha256WithRSAEncryption');
38         $sign = base64_encode($raw_sign);
39 
40         $schema = 'WECHATPAY2-SHA256-RSA2048 ';
41         $token = sprintf('mchid="%s",nonce_str="%s",timestamp="%d",serial_no="%s",signature="%s"',
42             $merchant_id, $nonce, $timestamp, $serial_no, $sign);
43         //This is the authentication parameter generated and added to the request header
44         $arr_header[] = "Authorization:" . $schema . $token;
45         $res = $this->https_request($url, json_encode($json), $arr_header);
46         $res_arr = json_decode($res, true);
47         $sign_type = "HMAC-SHA256";//HMAC-SHA256 Signature Method
48         $key = "hHezylOkgatMqYKrVeQthR4qfGvyOebD";
49         $res_arr['timestamp'] = $timestamp;
50         $res_arr['nonce_str'] = $nonce;
51         $res_arr['sign_type'] = $sign_type;
52 
53         $res_arr['sign'] = bc_sign([
54             'mch_id'=>$merchant_id,
55             'package'=>$res_arr['package'],
56             'timestamp'=>$timestamp,
57             'nonce_str'=>$nonce,
58             'sign_type'=>$sign_type,
59         ],$key);
60         $this->success('', $res_arr);
61     }
62 
63     //Generate Random String
64     public function str_rand($length = 32, $char = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ')
65     {
66         if (!is_int($length) || $length < 0) {
67             return false;
68         }
69         $string = '';
70         for ($i = $length; $i > 0; $i--) {
71             $string .= $char[mt_rand(0, strlen($char) - 1)];
72         }
73 
74         return $string;
75     }
76 
77     //Request Method    
78     private function https_request($url, $data = null, $arr_header = [])
79     {
80         $curl = curl_init();
81         //curl_setopt ( $curl, CURLOPT_SAFE_UPLOAD, false);
82         curl_setopt($curl, CURLOPT_URL, $url);
83         curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
84         curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
85         if (!empty ($data)) {
86             curl_setopt($curl, CURLOPT_POST, 1);
87             curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
88         }
89 
90         if (!empty($arr_header)) {
91             curl_setopt($curl, CURLOPT_HTTPHEADER, $arr_header);
92         }
93 
94         curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
95         $output = curl_exec($curl);
96         curl_close($curl);
97         return $output;
98     }
99     

This is the way this is requested. The one that generates the signature should be encapsulated. For better illustration, I did not encapsulate it. In fact, WeChat officially provided a composer encapsulation method, but it was very useful. This simple and rude method was used.

Pass this request