For Software Provider Access

1.Register an account as software provider

Go to the http://user-p.4px.com/partner/register?redirectUrl=https://open.4px.com/login and select Software provider to start your register process.

2. Login in the FOP

Go to the https://open.4px.com/login then login.

3.Authentication

Click Step into Authentication->Complete basic info->Click save. Shown below

Remarks:If you already finish authentication process you can start step 4 register APP,please wait while our staff verify your application。

4.Register APP

a.First, choose the "Access managemen-My APPs" on the Menu bar, then click the "Add" button

b.Complete APP application form

c.Waiting for the verification (within 3 workdays)

d.After verification, click the name of your APP , for your "APP key" and “APPsecret”

e.If denied for your APP registration, Please read the notice and modify your application and submit again.

5.Authorization

Shown in the diagram below:

a.Get the authorization_code

1. http request method: GET
2. http request address: https://open.4px.com/authorize/get
3. request parameters

Parameters Type Required Description
client_id String true App_key generated by the system for the registered app
response_type String true response_type=code This is a fixed way of writing Oauth
redirect_uri String true URL encoding is required after the authorization is successful
d) For example, the request address: https://open.4px.com/authorize/get?client_id=a3f9e3ac-7873-4686-92ef-e2cf57b5406f&response_type=code&redirect_uri=http%3A%2F%2Fwww.baidu.com e) Under normal circumstances, the AS will call back the client's redirect_url (using Baidu's URL as an example) and attach the code parameter (authorization code).
https://www.baidu.com/?code=caec4037079b6b10bb0310e7a1da1874

b.Get access_token according to authorization_code

1.Http request method: POST
2.http request address: https://open.4px.com/accessToken/get
3.ContentType:application/x-www-form-urlencoded
4.Request parameters

Parameters Type Required Description
client_id String true App_key generated by the system for the registered app
client_secret String true App_secret generated by the system for the registered app
grant_type String true Default Value:authorization_code
code String true The code value returned by calling the authorization_code interface
redirect_uri String true The callback address domain name can be filled in when the app is registered. Redirect_url refers to the callback address parameter passed when the application initiates the request. After the user authorizes the application, the application will jump to redirect_url. Require the same as the callback address domain name or the top-level domain name that is filled in when the application is registered.
For example:
5.Response parameters
Parameters Type Description
expires_in Nubmer accessToken expiration time is 7 days, and Unit is milliseconds
access_token String Authorization code valid for 7 days
refresh_token String Refresh code valid for 1 year

c.Get access_token according to refresh_token

1.If the refreshToken is valid and the accessToken has expired, then the refresh_token can be exchanged for the access_token without re-authorizing and then accessing the user's private data. If the refresh_token expires, you need to go back and get the Oauth2.0 token process reauthorization.
2.http request method: post
3.http request address: https://open.4px.com/accessToken/get
4.ContentType:application/x-www-form-urlencoded
5.Request parameters

Parameters Type Required Description
client_id String true Register app generated app_key by the system
client_secret String true Register app generated by system_appret
grant_type String true Default Value:refresh_token
refresh_token String true The refresh_token value returned in the previous step
redirect_uri String true Fill in the address of the callback address when the app is registered. Redirect_uri refers to the callback address parameter passed when the application initiates the request. After the user authorizes the application, the application will jump to redirect_uri. Require the same as the callback address domain name or the top-level domain name that is filled in when the application is registered.
6.The response parameters are the same as in the second step

6.Generate a public parameter signature

a.Public request parameter:

name type required description
method String true API interface name
app_key String true Apply the access application AppKey
v String true API protocol version, depends on the version of interface
timestamp Long true timestamp, get the millisecond of current time.Such as 2018-07-26 16:06:53:187, it will be transfer to be 1532592413187.
format String true Submitted business data.The default is json, and the optional value is json.
sign String true API input parameter signature results;Encrypted signature of App Secret.Use the MD5 encryption algorithm
access_token String true Through OAuth authorization, the platform service providers and third-party software vendors are required to pass in 4PX customers (class B customers)

b.Arrange in ascending alphabetical order(not including access_token), such as the following test data
app_key=16081f05-e8fc-4250-b9c4-0660d1ecbb28
format=json
method=ds.xms.order.create
timestamp=1532592413187
v=1.0

c.Connect the string (remove all = and &).4.Connect the parameter name and parameter value, and add the body information and appSecret at the end, assuming appSecret=7eebf328-8e5a-4030-904d-ec6e89174fbc, Suppose the body information (Json compression format) is as follows:{"aa":"bb"}

Then the string into the following is as follows:

app_key16081f05-e8fc-4250-b9c4-0660d1ecbb28formatjsonmethodds.xms.order.createtimestamp1532592413187v1.0{"aa":"bb"}7eebf328-8e5a-4030-904d-ec6e89174fbc

The red part above is the request body data The string generated above is generated using MD5 encryption to generate a 32-bit lowercase signature value sign, which is used below. (Signature algorithm uses MD5 uniformly) The above string is encrypted with MD5: 32-bit signature value -> c4a41de412206ad4473c72f273082f92

7.Through OpenAPI Platform Interface

a.http request method: post
b.http address: https://open.4px.com/router/api/service
c.ContentType:application/json
d.Request parameters, put them behind the url, connect with the "&"

Parameters Type Required Description
method String true The name of the interface refers to the interface description in the next chapter. For example, the package information: method=fpx.dps.pkg.get
app_key String true The app key of the application access request
v String true The version number. For example: 1.0, 2.0, the current default 1.0
timestamp Long true timestamp, get the millisecond of current time.Such as 2018-07-26 16:06:53:187, it will be transfer to be 1532592413187.
format String true Submitted business data.The default is json, and the optional value is json.
sign String true API input parameter signature results;Encrypted signature of App Secret.Use the MD5 encryption algorithm
access_token String true Get by OAuth 2.0
e.put the practical params to the body with 'json' type f.Response parameters
Parameters Type Description
result String Flag String Response result 0: failure, 1: success, 2: partial success
msg string Description
data String Return content

g.Example using the parameters generated by our steps above:
Request URL:https://open.4px.com/router/api/service?method=ds.xms.order.create&app_key=a3f9e3ac-7873-4686-92ef-e2cf57b5406f&v=1.0&timestamp=1532592413187 &format=json&sign=9715c6172872252f3c59a8528e6873d6
&access_token=20c7513b4222fd6acc1fe4e34ff9ba8d


Notice:
1. Api domain name,for Sandbox environment:" open.sandbox.4px.com", the Production environment: "open.4px.com"
2. Method, app_key parameter should be consistent with the generated parameter Signature. The sign parameter is obtained by MD5 encryption which recieved after generated the Signature.

8.Publish Online

After finish the Sandbox environment test, please publish in the Production enviroment