AIO
EN
  • EN
  • ZH
    AIO
    EN
    • EN
    • ZH
    • Overview
    • Create API Key
    • Callback
    • Security
    • Pay-in
    • Pay-out
    • API
      • Before You Begin
      • Get Txs
        GET
      • Get Sub Txs
        GET
      • Get Tx Info
        GET
      • Create Payin Tx
        POST
      • Create Payin Longtime Tx
        POST
      • Create Payout Tx
        POST
      • Price
        GET
      • Calculate price
        GET
    • Schemas
      • Schemas
        • CallbackReqContentData
        • CallbackSubTxData
        • CallbackTxData
        • CallbackType
        • GetSubTxData
        • SubTxDataExt
        • SubTxStatus
        • GetSubTxDataResponse
        • Chain
        • ErrorResponseModel
        • PayTxData
        • PayTxStatusData
        • PayinLongTimeTxParams
        • PayinTxParams
        • PayoutSubTxParams
        • PayoutTxParams
        • PriceData
        • RedisKeyData
        • SubTxData
        • SuceedResponseModel
        • TestData
        • Token
        • TxData
        • TxDetailsData
        • TxStatus
        • TxType
        • VsToken
        • TestDataResponse
        • RedisKeyDataResponse
        • PriceDataResponse
        • PayTxDataResponse
        • PayTxStatusDataResponse
        • TxDetailsDataResponse
        • TxDataResponse

    Security

    Signature Authentication and Encrypted Transmission#

    To ensure the security and integrity of API requests, the client must generate a signature based on the request content for each API call and include it in the HTTP headers. The platform will validate the request based on the signature. Any request that fails verification will be considered unauthorized and rejected.
    api-key
    Get API Key via aio-dashborad

    Required Request Headers#

    Header NameDescriptionExample
    algorithmThe hashing algorithm used for signing. Supported: HMAC-SHA256HMAC-SHA256
    dateThe timestamp of the request (recommended in ISO-8601 UTC format)2025-05-12T00:00:00Z
    body-md5The MD5 hash of the request body (use an empty string if there is no body)a4e00bea676896c4524f112fd0e2f6b6
    aio-signThe Base64-encoded signature generated using your Secret KeyQmFzZTY0RW5jb2RlZFNpZ25hdHVyZVN0cmluZw==
    aio-aes(Optional) AES IV used to encrypt response data, for decrypting responsespS1k2dfGjI9klq3j
    aio-api-keyYour API Key created in the AIO dashboardviQblWoiMslwpVgHtNBfLstt

    Signature Construction#

    AIO uses HMAC-based signature authentication. Clients must sign a structured string containing key request information. The format is:
    Example Value
    HMAC-SHA256 | 2025-05-27T08:00:00Z | GET /v2/tx?page=1&size=10

    Signature Components#

    FieldDescription
    algorithmThe algorithm used for signing HMAC-SHA256
    dateThe UTC timestamp of the request in ISO-8601 format
    methodHTTP method (uppercase), e.g., GET, POST
    uriFull request path including query string, e.g., /v2/tx?page=1&size=10
    body_md5The MD5 hash of the request body (only for POST/PUT/PATCH methods)

    Example: GET /tx#

    Python
    Golang
    Java
    TypeScript

    Example: POST /tx/pay-in#

    Python
    Golang
    Java
    TypeScript

    Encrypted Transmission#

    To further enhance communication security, AIO supports AES-CBC encryption of API response data. If enabled, the client must send an aio-aes header containing the Base64-encoded IV (initialization vector). The server will return AES-encrypted content.

    Example: GET /tx#

    Python
    Golang
    Java
    TypeScript

    Example: POST /tx/pay-in#

    Python
    Golang
    Java
    TypeScript

    Response Decryption#

    Python
    Golang
    Java
    TypeScript

    Additional Notes#

    You should implement signature generation and AES encryption/decryption based on your development language and framework.
    For debugging purposes, it's helpful to log the signature string and output for verification.
    Previous
    Callback
    Next
    Pay-in
    Built with