Rocket钱包集成教程

市场地位分析：
├── 市场份额：9%（第三大移动钱包）
├── 用户规模：1,800万+注册用户
├── 网点覆盖：5,000+ATM直连
├── 银行背景：DBBL强大银行网络
└── 技术特色：银行级安全标准

服务特色：
├── 银行直连
│   ├── 与DBBL银行账户无缝对接
│   ├── ATM网络免费取款
│   ├── 银行级安全保障
│   └── 大额交易支持
├── 农村覆盖
│   ├── 农村地区网点优势
│   ├── 代理商网络广泛
│   ├── 现金存取便利
│   └── 农业金融服务
├── 企业服务
│   ├── B2B支付解决方案
│   ├── 批量转账功能
│   ├── 工资发放服务
│   └── 供应链金融
└── 国际汇款
    ├── 海外汇款接收
    ├── 外币兑换服务
    ├── 跨境贸易支付
    └── 留学生汇款

技术优势：
├── 银行级架构
│   ├── 核心银行系统集成
│   ├── 实时交易处理
│   ├── 7×24小时服务
│   └── 99.9%系统可用性
├── 安全保障
│   ├── 端到端加密
│   ├── 多重身份验证
│   ├── 风险实时监控
│   └── 合规自动检查
├── API能力
│   ├── RESTful API设计
│   ├── 标准化接口
│   ├── 完善的文档
│   └── 开发者支持
└── 扩展性
    ├── 高并发处理
    ├── 弹性扩展能力
    ├── 微服务架构
    └── 云端部署

环境准备清单：
├── 开发工具
│   ├── PHP 7.4+ 或 Java 8+
│   ├── MySQL 5.7+ 数据库
│   ├── Redis 缓存系统
│   └── Git 版本控制
├── 测试环境
│   ├── 沙盒测试账号
│   ├── 测试API密钥
│   ├── 模拟交易数据
│   └── 调试工具配置
├── 安全配置
│   ├── SSL证书安装
│   ├── 防火墙设置
│   ├── 访问控制配置
│   └── 日志记录系统
└── 第三方工具
    ├── Postman API测试
    ├── cURL命令行工具
    ├── 加密库配置
    └── 签名验证工具

注册申请步骤：
├── 第一步：资质准备
│   ├── 企业营业执照
│   ├── 税务登记证明
│   ├── 银行开户许可
│   └── 法人身份证明
├── 第二步：在线申请
│   ├── 访问DBBL官网
│   ├── 填写商户申请表
│   ├── 上传资质文件
│   └── 提交初步审核
├── 第三步：审核流程
│   ├── 资料初步审核（3-5天）
│   ├── 现场尽职调查（1周）
│   ├── 技术对接测试（1周）
│   └── 正式开通授权（2-3天）
└── 第四步：技术对接
    ├── 获取商户ID
    ├── 分配API密钥
    ├── 配置回调URL
    └── 开通沙盒环境

// PHP密钥管理示例 class RocketAPIKeyManager { private $merchantId; private $apiKey; private $secretKey; private $environment; public function __construct($config) { $this->merchantId = $config['merchant_id']; $this->apiKey = $config['api_key']; $this->secretKey = $config['secret_key']; $this->environment = $config['environment']; // sandbox/production } // 生成请求签名 public function generateSignature($data, $timestamp) { $signatureString = $this->merchantId . $timestamp . json_encode($data) . $this->secretKey; return hash('sha256', $signatureString); } // 验证回调签名 public function verifyCallback($data, $signature) { $expectedSignature = hash_hmac('sha256', json_encode($data), $this->secretKey ); return hash_equals($expectedSignature, $signature); } // 获取API基础URL public function getBaseUrl() { return $this->environment === 'production' ? 'https://api.rocket.com.bd/v1' : 'https://sandbox-api.rocket.com.bd/v1'; } }

// 创建支付订单 POST /api/v1/payment/create

// 请求参数 { "merchant_id": "ROCKET_MERCHANT_001", "order_id": "ORDER_20241201_001", "amount": 1000.00, "currency": "BDT", "customer": { "name": "Customer Name", "phone": "01711234567", "email": "customer@email.com" }, "description": "Product purchase payment", "callback_url": "https://yoursite.com/rocket/callback", "success_url": "https://yoursite.com/payment/success", "cancel_url": "https://yoursite.com/payment/cancel", "timestamp": 1701398400, "signature": "generated_signature_hash" } // 响应结果 { "status": "success", "transaction_id": "RKT20241201001234", "payment_url": "https://rocket.com.bd/payment/RKT20241201001234", "expires_at": "2024-12-01T15:30:00Z", "message": "Payment URL generated successfully" }

// 查询支付状态 GET /api/v1/payment/status/{transaction_id} // 请求头 { "Authorization": "Bearer YOUR_API_KEY", "X-Merchant-ID": "ROCKET_MERCHANT_001", "X-Timestamp": "1701398400", "X-Signature": "generated_signature_hash" } // 响应结果 { "status": "success", "data": { "transaction_id": "RKT20241201001234", "order_id": "ORDER_20241201_001", "amount": 1000.00, "currency": "BDT", "payment_status": "completed", // pending/completed/failed/cancelled "payment_method": "rocket_wallet", "customer_phone": "01711234567", "created_at": "2024-12-01T14:30:00Z", "completed_at": "2024-12-01T14:35:00Z", "reference": "RKT_REF_12345" } }

// 申请退款 POST /api/v1/refund/create

// 请求参数 { "merchant_id": "ROCKET_MERCHANT_001", "transaction_id": "RKT20241201001234", "refund_amount": 500.00, "reason": "Customer requested refund", "refund_id": "REFUND_20241201_001", "timestamp": 1701398400, "signature": "generated_signature_hash" } // 响应结果 { "status": "success", "refund_transaction_id": "RKT_REFUND_001234", "refund_status": "processing", "estimated_completion": "2024-12-02T14:30:00Z", "message": "Refund request submitted successfully" }

// PHP回调处理示例 class RocketCallbackHandler { private $keyManager; public function __construct(RocketAPIKeyManager $keyManager) { $this->keyManager = $keyManager; } public function handleCallback() { // 获取回调数据 $rawData = file_get_contents('php://input'); $signature = $_SERVER['HTTP_X_SIGNATURE'] ?? ''; if (!$this->verifySignature($rawData, $signature)) { http_response_code(401); echo json_encode(['error' => 'Invalid signature']); return; } $data = json_decode($rawData, true); try { $this->processPaymentNotification($data); echo json_encode(['status' => 'success']); } catch (Exception $e) { http_response_code(500); echo json_encode(['error' => 'Processing failed']); } } private function verifySignature($data, $signature) { return $this->keyManager->verifyCallback( json_decode($data, true), $signature ); } private function processPaymentNotification($data) { $transactionId = $data['transaction_id']; $orderId = $data['order_id']; $status = $data['payment_status']; $amount = $data['amount']; // 更新数据库订单状态 $this->updateOrderStatus($orderId, $status, $transactionId); // 发送确认通知 if ($status === 'completed') { $this->sendConfirmationEmail($orderId); $this->updateInventory($orderId); } // 记录日志 $this->logTransaction($data); } private function updateOrderStatus($orderId, $status, $transactionId) { // 数据库更新逻辑 $pdo = $this->getDatabaseConnection(); $stmt = $pdo->prepare( "UPDATE orders SET 
             payment_status = ?, 
             transaction_id = ?, 
             updated_at = NOW() 
             WHERE order_id = ?" ); $stmt->execute([$status, $transactionId, $orderId]); } }

// Rocket支付集成类 class RocketPaymentIntegration { private $keyManager; private $baseUrl; public function __construct($config) { $this->keyManager = new RocketAPIKeyManager($config); $this->baseUrl = $this->keyManager->getBaseUrl(); } // 创建支付订单 public function createPayment($orderData) { $endpoint = '/payment/create'; $timestamp = time(); $requestData = [ 'merchant_id' => $this->keyManager->getMerchantId(), 'order_id' => $orderData['order_id'], 'amount' => $orderData['amount'], 'currency' => 'BDT', 'customer' => $orderData['customer'], 'description' => $orderData['description'], 'callback_url' => $orderData['callback_url'], 'success_url' => $orderData['success_url'], 'cancel_url' => $orderData['cancel_url'], 'timestamp' => $timestamp ]; // 生成签名 $requestData['signature'] = $this->keyManager->generateSignature( $requestData, $timestamp ); return $this->makeRequest('POST', $endpoint, $requestData); } // 查询支付状态 public function getPaymentStatus($transactionId) { $endpoint = "/payment/status/{$transactionId}"; $timestamp = time(); $headers = [ 'Authorization: Bearer ' . $this->keyManager->getApiKey(), 'X-Merchant-ID: ' . $this->keyManager->getMerchantId(), 'X-Timestamp: ' . $timestamp, 'X-Signature: ' . $this->keyManager->generateSignature([], $timestamp) ]; return $this->makeRequest('GET', $endpoint, null, $headers); } // HTTP请求封装 private function makeRequest($method, $endpoint, $data = null, $headers = []) { $url = $this->baseUrl . $endpoint; $ch = curl_init(); curl_setopt_array($ch, [ CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 30, CURLOPT_CUSTOMREQUEST => $method, CURLOPT_HTTPHEADER => array_merge([ 'Content-Type: application/json', 'Accept: application/json' ], $headers), CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2 ]); if ($data) { curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); } $response = curl_exec($ch); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $error = curl_error($ch); curl_close($ch); if ($error) { throw new Exception("CURL Error: {$error}"); } if ($httpCode >= 400) { throw new Exception("HTTP Error: {$httpCode}"); } return json_decode($response, true); } }

<!DOCTYPE html> <html> <head> <title>Rocket Payment</title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <style> .payment-container { max-width: 500px; margin: 50px auto; padding: 20px; border: 1px solid #ddd; border-radius: 8px; font-family: Arial, sans-serif; } .payment-form { display: flex; flex-direction: column; gap: 15px; } .form-group { display: flex; flex-direction: column; } .form-group label { margin-bottom: 5px; font-weight: bold; } .form-group input { padding: 10px; border: 1px solid #ccc; border-radius: 4px; } .pay-button { background-color: #ff6b35; color: white; padding: 15px; border: none; border-radius: 4px; font-size: 16px; cursor: pointer; } .pay-button:hover { background-color: #e55a2b; } .loading { display: none; text-align: center; margin: 20px 0; } </style> </head> <body> <div class="payment-container"> <h2>Rocket支付</h2> <form class="payment-form" id="rocketPaymentForm"> <div class="form-group"> <label>商品名称:</label> <input type="text" id="productName" value="测试商品" readonly> </div> <div class="form-group"> <label>支付金额:</label> <input type="number" id="amount" value="100" min="10" required> </div> <div class="form-group"> <label>客户姓名:</label> <input type="text" id="customerName" placeholder="请输入姓名" required> </div> <div class="form-group"> <label>手机号码:</label> <input type="tel" id="customerPhone" placeholder="01XXXXXXXXX" pattern="01[0-9]{9}" required> </div> <div class="form-group"> <label>邮箱地址:</label> <input type="email" id="customerEmail" placeholder="example@email.com" required> </div> <button type="submit" class="pay-button">使用Rocket支付</button> </form> <div class="loading" id="loadingDiv"> <p>正在处理支付请求...</p> </div> </div> <script> document.getElementById('rocketPaymentForm').addEventListener('submit', function(e) {             e.preventDefault(); // 显示加载状态 document.getElementById('loadingDiv').style.display = 'block'; document.querySelector('.pay-button').disabled = true; // 收集表单数据 const formData = { amount: document.getElementById('amount').value, customer_name: document.getElementById('customerName').value, customer_phone: document.getElementById('customerPhone').value, customer_email: document.getElementById('customerEmail').value, product_name: document.getElementById('productName').value }; // 发送支付请求 fetch('/create-rocket-payment.php', { method: 'POST', headers: { 'Content-Type': 'application/json', }, body: JSON.stringify(formData) }) .then(response => response.json()) .then(data => { if (data.status === 'success') { // 跳转到Rocket支付页面 window.location.href = data.payment_url; } else { alert('支付请求失败: ' + data.message); document.getElementById('loadingDiv').style.display = 'none'; document.querySelector('.pay-button').disabled = false; } }) .catch(error => { console.error('Error:', error); alert('网络错误，请重试'); document.getElementById('loadingDiv').style.display = 'none'; document.querySelector('.pay-button').disabled = false; }); }); </script> </body> </html>

// create-rocket-payment.php
<?php require_once 'RocketPaymentIntegration.php'; header('Content-Type: application/json'); try { // 获取POST数据 $input = json_decode(file_get_contents('php://input'), true); // 验证输入数据 $requiredFields = ['amount', 'customer_name', 'customer_phone', 'customer_email']; foreach ($requiredFields as $field) { if (empty($input[$field])) { throw new Exception("Missing required field: {$field}"); } } // 生成订单ID $orderId = 'ORDER_' . date('YmdHis') . '_' . rand(1000, 9999); // 配置Rocket API $config = [ 'merchant_id' => 'YOUR_MERCHANT_ID', 'api_key' => 'YOUR_API_KEY', 'secret_key' => 'YOUR_SECRET_KEY', 'environment' => 'sandbox' // 或 'production' ]; // 创建支付集成实例 $rocketPayment = new RocketPaymentIntegration($config); // 准备支付数据 $orderData = [ 'order_id' => $orderId, 'amount' => floatval($input['amount']), 'customer' => [ 'name' => $input['customer_name'], 'phone' => $input['customer_phone'], 'email' => $input['customer_email'] ], 'description' => $input['product_name'] ?? 'Product Purchase', 'callback_url' => 'https://yoursite.com/rocket-callback.php', 'success_url' => 'https://yoursite.com/payment-success.php', 'cancel_url' => 'https://yoursite.com/payment-cancel.php' ]; // 创建支付订单 $result = $rocketPayment->createPayment($orderData); if ($result['status'] === 'success') { // 保存订单到数据库 saveOrderToDatabase($orderId, $orderData, $result['transaction_id']); echo json_encode([ 'status' => 'success', 'payment_url' => $result['payment_url'], 'transaction_id' => $result['transaction_id'] ]); } else { throw new Exception($result['message'] ?? 'Payment creation failed'); } } catch (Exception $e) { http_response_code(400); echo json_encode([ 'status' => 'error', 'message' => $e->getMessage() ]); } function saveOrderToDatabase($orderId, $orderData, $transactionId) { // 数据库保存逻辑 $pdo = new PDO('mysql:host=localhost;dbname=your_db', 'username', 'password'); $stmt = $pdo->prepare( "INSERT INTO orders (order_id, transaction_id, amount, customer_name, 
         customer_phone, customer_email, status, created_at) 
         VALUES (?, ?, ?, ?, ?, ?, 'pending', NOW())" ); $stmt->execute([ $orderId, $transactionId, $orderData['amount'], $orderData['customer']['name'], $orderData['customer']['phone'], $orderData['customer']['email'] ]); } ?>

安全实施清单：
├── 传输安全
│   ├── 强制HTTPS通信
│   ├── TLS 1.2+协议
│   ├── 证书验证
│   └── 防中间人攻击
├── 数据加密
│   ├── 敏感数据加密存储
│   ├── API密钥安全管理
│   ├── 数据库字段加密
│   └── 日志敏感信息脱敏
├── 身份验证
│   ├── API签名验证
│   ├── 时间戳防重放
│   ├── IP白名单限制
│   └── 访问频率控制
└── 系统安全
    ├── 服务器安全配置
    ├── 防火墙规则设置
    ├── 安全补丁及时更新
    └── 入侵检测系统

// 合规检查实现 class RocketComplianceChecker { // KYC客户身份验证 public function verifyCustomer($customerData) { $verificationResult = [ 'status' => 'pending', 'checks' => [] ]; // 手机号验证 if (!$this->isValidBangladeshPhone($customerData['phone'])) { $verificationResult['checks'][] = 'Invalid phone number format'; } // 姓名验证 if (!$this->isValidName($customerData['name'])) { $verificationResult['checks'][] = 'Invalid name format'; } // 金额限制检查 if (!$this->checkTransactionLimits($customerData['amount'])) { $verificationResult['checks'][] = 'Amount exceeds limits'; } $verificationResult['status'] = empty($verificationResult['checks']) ? 'approved' : 'rejected'; return $verificationResult; } // AML反洗钱检查 public function amlCheck($transactionData) { // 检查交易模式 $riskScore = 0; // 大额交易风险 if ($transactionData['amount'] > 50000) { $riskScore += 30; } // 频繁交易风险 $dailyTransactions = $this->getDailyTransactionCount( $transactionData['customer_phone'] ); if ($dailyTransactions > 10) { $riskScore += 20; } // 风险评级 if ($riskScore >= 50) { return ['risk_level' => 'high', 'action' => 'manual_review']; } elseif ($riskScore >= 30) { return ['risk_level' => 'medium', 'action' => 'enhanced_monitoring']; } else { return ['risk_level' => 'low', 'action' => 'proceed']; } } private function isValidBangladeshPhone($phone) { return preg_match('/^01[0-9]{9}$/', $phone); } private function isValidName($name) { return preg_match('/^[a-zA-Z\s]{2,50}$/', $name); } private function checkTransactionLimits($amount) { return $amount >= 10 && $amount <= 100000; } }

测试环境配置：
├── 测试账号信息
│   ├── 沙盒商户ID：TEST_MERCHANT_001
│   ├── 测试API密钥：test_api_key_12345
│   ├── 测试密钥：test_secret_key_67890
│   └── 沙盒环境URL：https://sandbox-api.rocket.com.bd
├── 测试用例
│   ├── 成功支付测试
│   ├── 支付失败测试
│   ├── 超时处理测试
│   └── 回调验证测试
├── 测试数据
│   ├── 测试手机号：01700000001-01700000010
│   ├── 测试金额：10-10000 BDT
│   ├── 测试订单：TEST_ORDER_前缀
│   └── 模拟场景：各种支付状态
└── 调试工具
    ├── API请求日志
    ├── 响应数据分析
    ├── 错误代码查询
    └── 性能监控

// 测试用例执行类 class RocketTestSuite { private $rocketPayment; public function __construct() { $testConfig = [ 'merchant_id' => 'TEST_MERCHANT_001', 'api_key' => 'test_api_key_12345', 'secret_key' => 'test_secret_key_67890', 'environment' => 'sandbox' ]; $this->rocketPayment = new RocketPaymentIntegration($testConfig); } // 测试成功支付流程 public function testSuccessfulPayment() { echo "Testing successful payment...\n"; $orderData = [ 'order_id' => 'TEST_ORDER_' . time(), 'amount' => 100.00, 'customer' => [ 'name' => 'Test Customer', 'phone' => '01700000001', 'email' => 'test@example.com' ], 'description' => 'Test payment', 'callback_url' => 'https://test.example.com/callback', 'success_url' => 'https://test.example.com/success', 'cancel_url' => 'https://test.example.com/cancel' ]; try { $result = $this->rocketPayment->createPayment($orderData); if ($result['status'] === 'success') { echo "✓ Payment creation successful\n"; echo "Transaction ID: " . $result['transaction_id'] . "\n"; // 测试状态查询 sleep(2); $status = $this->rocketPayment->getPaymentStatus( $result['transaction_id'] ); echo "✓ Status query successful: " . $status['data']['payment_status'] . "\n"; } else { echo "✗ Payment creation failed: " . $result['message'] . "\n"; } } catch (Exception $e) { echo "✗ Test failed: " . $e->getMessage() . "\n"; } } // 测试无效数据处理 public function testInvalidData() { echo "Testing invalid data handling...\n"; $invalidOrderData = [ 'order_id' => '', // 空订单ID 'amount' => -100, // 负数金额 'customer' => [ 'name' => '', 'phone' => '123', // 无效手机号 'email' => 'invalid-email' ] ]; try { $result = $this->rocketPayment->createPayment($invalidOrderData); echo "✗ Should have failed but didn't\n"; } catch (Exception $e) { echo "✓ Correctly handled invalid data: " . $e->getMessage() . "\n"; } } // 运行所有测试 public function runAllTests() { echo "Starting Rocket integration tests...\n\n"; $this->testSuccessfulPayment(); echo "\n"; $this->testInvalidData(); echo "\n"; echo "All tests completed.\n"; } } // 执行测试 $testSuite = new RocketTestSuite(); $testSuite->runAllTests();

问题排查指南：
├── 签名验证失败
│   ├── 检查密钥配置是否正确
│   ├── 验证时间戳是否在有效范围
│   ├── 确认签名算法实现正确
│   └── 检查字符编码是否一致
├── API调用超时
│   ├── 检查网络连接状态
│   ├── 增加请求超时时间设置
│   ├── 实现重试机制
│   └── 验证防火墙设置
├── 回调接收失败
│   ├── 确认回调URL可访问
│   ├── 检查SSL证书配置
│   ├── 验证IP白名单设置
│   └── 检查服务器日志
└── 支付状态异常
    ├── 实现状态查询轮询
    ├── 设置合理的状态更新时间
    ├── 处理网络延迟情况
    └── 建立异常处理机制

性能优化策略：
├── 请求优化
│   ├── 实现连接池复用
│   ├── 启用HTTP长连接
│   ├── 压缩请求响应数据
│   └── 设置合理的超时时间
├── 缓存策略
│   ├── API响应结果缓存
│   ├── 用户认证信息缓存
│   ├── 配置参数缓存
│   └── 静态资源缓存
├── 异步处理
│   ├── 支付结果异步处理
│   ├── 通知消息队列化
│   ├── 日志记录异步化
│   └── 数据分析后台处理
└── 监控告警
    ├── API调用成功率监控
    ├── 响应时间监控
    ├── 错误率监控
    └── 系统资源监控

// 完善的错误处理类 class RocketErrorHandler { public function handleAPIError($errorResponse) { $errorCode = $errorResponse['error_code'] ?? 'UNKNOWN'; $errorMessage = $errorResponse['message'] ?? 'Unknown error'; switch ($errorCode) { case 'INVALID_SIGNATURE': return $this->handleSignatureError(); case 'INSUFFICIENT_BALANCE': return $this->handleBalanceError(); case 'INVALID_PHONE': return $this->handlePhoneError(); case 'TRANSACTION_LIMIT_EXCEEDED': return $this->handleLimitError(); default: return $this->handleGenericError($errorMessage); } } private function handleSignatureError() { // 记录签名错误日志 error_log('Rocket API signature verification failed'); return [ 'user_message' => '支付验证失败，请重试', 'action' => 'retry', 'technical_details' => 'Signature verification failed' ]; } private function handleBalanceError() { return [ 'user_message' => '账户余额不足，请充值后重试', 'action' => 'recharge', 'technical_details' => 'Insufficient account balance' ]; } private function handlePhoneError() { return [ 'user_message' => '手机号格式不正确，请检查后重试', 'action' => 'correct_phone', 'technical_details' => 'Invalid phone number format' ]; } }

安全实践清单：
├── 密钥管理
│   ├── 使用环境变量存储密钥
│   ├── 定期轮换API密钥
│   ├── 限制密钥访问权限
│   └── 监控密钥使用情况
├── 输入验证
│   ├── 严格验证所有输入参数
│   ├── 实施白名单验证
│   ├── 防止SQL注入攻击
│   └── 过滤恶意脚本代码
├── 日志安全
│   ├── 敏感信息脱敏记录
│   ├── 安全事件实时告警
│   ├── 日志完整性保护
│   └── 合规审计支持
└── 访问控制
    ├── IP白名单限制
    ├── API调用频率限制
    ├── 用户权限最小化
    └── 异常行为检测