Summary of basic knowledge for developing WeChat payment

It has been more than two months since WeChat Pay was developed and launched. If there was no promotion and publicity, the number of users would not be very large. So far, there has not been a large amount of payments. In the past, WeChat Pay was open to all public accounts, so that we could write some summaries. In the past, WeChat Pay was not open to all public accounts, so all documents were inconvenient for public publication. From the time I connected to WeChat Pay last year to now, I have found that the functions of WeChat Pay are becoming more and more complete and the functions are becoming richer and richer. There were many pitfalls in the early stages of development. The students who connected with WeChat discovered it after searching for a long time. Starting from the differences in the access environments of different companies, the problems encountered by both parties are unavoidable. There are some aspects that should be paid special attention to and I will summarize them here.

1. The WeChat payment result server IP is not fixed. Generally, if a company needs to make a whitelist, almost all previously accessed payment methods can be used. However, WeChat notifies that there are too many servers nationwide and cannot provide payment result notifications. server, so it is impossible to do a whitelist to prepay malicious users andsecurity, access the server and The site needs special processing.

2. The WeChat payment notification address and acceptance server cannot be encrypted by HTTPS before they can be accessed normally. Since HTTPS is encrypted based on a third-party security certificate, I did not pay attention at first. After the payment is completed, the payment result will be lost. It has been unable to notify normally.

3. When applying for an account, you must be sure to submit the authorized payment directory, such as: http://qq.com/b/a.html, so the authorized directory must be http:/ /qq.com/b/ directory, you must go to the lowest level directory, otherwise pages in other directories will not have permission to call WeChat payment (JSAPI) Script. Please pay special attention to this. Once submitted, the payment directory cannot be modified. It can be modified now. In theory, only one payment authorization directory is allowed. This used to be the case. It's up to you. It would be a tragedy if multiple products are connected to the same server. However, it depends on your relationship. In fact, one server can apply for multiple payment authorization directories. 4. User complaints return directory. The application account must also be a fixed address, and theoretically cannot be modified after submission. As the system matures, it should be possible to access the user complaint and feedback system

.

5. Before the official

review

is passed, all your payments cannot be used normally, including testing. 6. You must use a formal account for testing, and there is no test account. The test can temporarily assign a test authorization directory. However, the tester's WeChat ID must be added to the whitelist, otherwise the test whitelist will only have 20 accounts at most.

7. Once the WeChat review is passed. Account, the configured test authorization directory can be tested by WeChat payment. Once the WeChat payment of this public account is released, I'm sorry, all the authorized payment directories of the WeChat payment test address will be invalid, if there are multiple products. At this time, only the online address can be used for testing. However, WeChat informed that this permission will be released in the future.

8. The Getpackage callback address for obtaining product information has been submitted when applying for the WeChat Natvie payment account. The biggest pitfall is that there is no test address. You can only use the official address for testing, and there is no test address available. Although native payment does not require WeChat payment permissions on the authorization directory page. The most annoying thing is that the callback address for obtaining product information is official, so the test address cannot be used. At most, it can only call up a WeChat payment sister.

9. Anyone who interacts with WeChat must obtain the WeChat authorized access_token. Generally, it will expire after two hours and must be obtained again before interacting with all

interfaces

of WeChat. Otherwise you will be told that you do not have permission. 10. WeChat’s OAuth protocol user information acquisition protocol is the worst. The documents given are wrong, and the information given in the communication is also wrong. This is also troublesome. You must use the WeChat client to maliciously obtain WeChat information, and you must also go to the WeChat server to jump to the specified server address to obtain the information. WeChat's OpenId is a unique ID generated based on user information plus server information. As long as the user pays attention to WeChat's server, information can be pushed to the user through the user's OpenId. What WeChat 5.2 is currently doing is that it can push payment information even if the user is not paying attention. This function is only a specific function for some accounts.

The last sentence is that the test environment is still well prepared, and the accuracy and completeness of the documentation also need to be improved. The demo provided supports multi-language version and needs to be improved. However, WeChat payment is advancing very quickly. Many functions that were not available before can now be used. I found that the speed of improvement is still very fast. Looking forward to a new leap forward in WeChat payment. The last point is that WeChat also has an overlord clause. If you connect to WeChat Pay within the WeChat app, you are not allowed to connect to other payment methods. This is even more ruthless than Alipay.

The above is the detailed content of Summary of basic knowledge for developing WeChat payment. For more information, please follow other related articles on the PHP Chinese website!