Epusdt

English

中文

English

中文

Appearance

2026-04-08
641
4m

API Reference

This section documents the current Epusdt HTTP API baseline based on the official source.

Base URL

Use your deployed Epusdt server as the base URL, for example:

text
http://your-server:8000

For production, place Epusdt behind HTTPS:

text
https://pay.example.com

INFO

Current source registers routes at root-relative paths such as /payments/... and /pay/....

If you deploy Epusdt under an external subpath like https://example.com/epusdt, that prefix must be handled by your reverse proxy or ingress. It is not a built-in router prefix inside the app.

Authentication and Signing

Current source does not implement separate bearer-token, query-token, or request-body token authentication for payment creation.

What the live payment endpoints validate is the request signature, generated with the .env value api_auth_token.

WARNING

Keep api_auth_token secret. Never expose it in frontend code, mobile apps, or public repositories.

Request Signature

Signature algorithm: MD5

Rules:

  1. Collect all non-empty parameters except signature
  2. Sort by key in ASCII ascending order
  3. Join as key=value&key=value
  4. Append api_auth_token directly to the end
  5. Compute lowercase MD5

Example:

text
amount=42&notify_url=http://example.com/notify&order_id=20220201030210321&redirect_url=http://example.com/redirect

Append token:

text
amount=42&notify_url=http://example.com/notify&order_id=20220201030210321&redirect_url=http://example.com/redirectepusdt_password_xasddawqe

Request Format

  • Method: POST
  • Content-Type: application/json
  • Encoding: UTF-8

WARNING

Current source registers create-transaction as POST only, and signature middleware parses the raw body as JSON before verification. In practice, GET and application/x-www-form-urlencoded requests are not valid for this endpoint.

Response Format

For JSON API endpoints, current source returns HTTP 200 for both success and failure envelopes. Check the top-level status_code field for the business result.

Successful responses use this shape:

json
{
  "status_code": 200,
  "message": "success",
  "data": {
    "trade_id": "202203271648380592218340",
    "order_id": "9",
    "amount": 53,
    "currency": "cny",
    "actual_amount": 7.9104,
    "receive_address": "TNEns8t9jbWENbStkQdVQtHMGpbsYsQjZK",
    "token": "usdt",
    "expiration_time": 1648381192,
    "payment_url": "http://example.com/pay/checkout-counter/202203271648380592218340"
  },
  "request_id": "b1344d70-ff19-4543-b601-37abfb3b3686"
}

Status Codes

Current source uses top-level status_code for API results:

CodeMeaning
200Success
400System error or request validation failure
401Signature verification failed
10001Wallet address already exists
10002Order already exists
10003No available wallet address
10004Invalid payment amount
10005No available amount channel
10006Rate calculation failed
10007Block transaction already processed
10008Order does not exist
10009Failed to parse request params
10010Order status already changed

Available Endpoints

MethodEndpointDescription
POST/payments/epusdt/v1/order/create-transactionCreate a payment transaction; injects default token=usdt, currency=cny, network=TRON when omitted
POST/payments/gmpay/v1/order/create-transactionCreate a payment transaction without legacy default injection
GET/pay/checkout-counter/:trade_idHosted checkout page
GET/pay/check-status/:trade_idCheckout status polling endpoint

TIP

The live API prefix is /payments/.... The older /api/v1/order/create-transaction path is legacy documentation, not a registered route in current source.

Prefix Distinctions

Keep these prefixes separate:

  • /payments/... — live API routes for order creation
  • /pay/... — hosted checkout and status polling routes
  • app_uri — external absolute base used to build absolute URLs such as payment_url

Example:

text
app_uri = https://pay.example.com
payment_url = https://pay.example.com/pay/checkout-counter/{trade_id}

If you expose Epusdt through a proxy path such as /epusdt, clients may see URLs like:

text
https://example.com/epusdt/pay/checkout-counter/{trade_id}

That deployment prefix comes from proxy configuration plus app_uri, not from an internal route group in the Go router.

Security Recommendations

  • Keep api_auth_token secret and server-side only
  • Always use HTTPS in production
  • Verify callback signatures before marking orders paid
  • Treat callback success as HTTP 200 + exact body ok
  • Restrict access to .env and admin surfaces
  • Use a stable tron_grid_api_key for TRC20 monitoring

Next Step

  • Payment API — create-order, callback, status, and example details
最近更新

Copyright © 2025 GMwallet