PandaPon OpenAPI
Product documentsAPI reference
English
  • 简体中文
  • Tiếng Việt
  • Español
Product documentsAPI reference
English
  • 简体中文
  • Tiếng Việt
  • Español
Back to PandaPon Website
  1. Message service access
  • Give public notice
  • Brief account
  • Beginner's Guide
    • Become a developer
    • Obtain Access Key and Access Key
    • Start development
  • API tutorial
    • Development manual
    • Error code
  • Message service access
    • Message Access Manual
  • Account test
    • 1688 test account
  1. Message service access

Message Access Manual

Access instructions#

Message service is an active push service launched by the PandaPon developer platform to improve efficiency. At present, the push content is only open to order-related messages. Based on this push service, applications no longer need to poll API to obtain distribution data. Only when the business data corresponding to the message changes, the open platform will actively push the business content to the developer. Developers only need to subscribe to the message in advance and can parse the message content. It should be noted that because the orderliness of messages cannot be guaranteed, some messages need to be synchronized with the OpenAPI query interface. Message access can effectively reduce the call frequency of API and reduce the pressure on the system.

Subscription steps#

Location: Open Platform Application Console - Message Service
Steps: Developers can configure a callback URL on the open platform to receive message requests.
Log in to the PandaPon open platform as a developer;
Select the console;
Select the message service;
Fill in the callback address and select Verify. If the HTTP 200 status code is returned, it will prompt that the verification is successful;

Message format#

messageType: message type
messageBody: message body
messagePlatform: Message Channel 0-Taobao Platform 1-1688 Platform
Timestamp: Message Push Time
image.png

Mechanism description#

Callback address#

Description: Developers need to provide a message receiving channel, and the form of receiving push is an HTTPS POST request.
To use the message service, you need to prepare a callback interface to receive the message. Please strictly follow the following requirements:
Please use the callback address of the HTTPS protocol;
After receiving the message, please return the HTTP 200 status code to confirm the receipt of the message.
The timeout time is 1000MS.

Retry and compensation#

After failure, the message will be pushed again after half an hour, up to 5 times;
If the system interrupts more than 5 retries, please re-obtain the data through the relevant query interface.

Message signature#

Description: The data will be transmitted in clear text. For security reasons, the open platform will do summary signature processing in the message body, and the signature result will be placed in the Authorization field of the POST request header. The signature algorithm is as follows:
#Request signature parameters
Base = "{messageBody}"
Secret = "{AccessSecret}"
#Signature algorithm
HMAC-SHA256
#Generate a signature
Authorization = HEX_ENCODE(HMAC-SHA256(Base, Secret));
Java signature code reference:
public static String getSignature(String base, String secret) {
try {
Mac sha256Hmac = Mac.getInstance(HMAC_SHA256);
SecretKeySpec secretKey = new SecretKeySpec(secret.getBytes(), HMAC_SHA256);
sha256Hmac.init(secretKey);
return byteArraytoHexString(sha256Hmac.doFinal(base.getBytes()));
} catch (Exception e) {
log.error("Failed to generate signature");
}
return null;
}

Suggestions for handling#

After receiving the message, verify the signature to prevent external attacks. Do not convert and modify the original message body accordingly when signing! Otherwise, the signature comparison will be inconsistent.
Note: messageBody is a string type.
Due to the interface response time limit (within 1000ms), it can be stored in an asynchronous queue for business processing after receiving the message.
修改于 2025-03-24 11:26:21
上一页
Error code
下一页
Account test
Built with