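# Signatures

## Request signature

Merchants must use their own private key to sign a combination of key data, such as the API URL and the message body, using SHA-256 with RSA. The request signature is passed in the HTTP `Authorization` header; see the [Signature Generation Guide](/wechatpay-api-v3/qian-ming-zhi-nan-1/qian-ming-sheng-cheng.md) for details. Requests that carry no signature, or whose signature fails verification, are not executed and return `401 Unauthorized`.

## Response signature

For requests whose signature verifies successfully, WeChat Pay API v3 signs the response with the WeChat Pay platform private key. The signature information is carried in the HTTP headers; see the [Signature Verification Guide](/wechatpay-api-v3/qian-ming-zhi-nan-1/qian-ming-yan-zheng.md) for details.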

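{% hint style="info" %}

* Verify signatures with the WeChat Pay **public key**, which is contained in the WeChat Pay platform certificate
* Verify every response that carries a signature
* A successful response (HTTP status code `2xx`) that carries no signature should be treated as forged or tampered with

{% endhint %}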

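## Callback notification signature

When WeChat Pay calls the merchant's endpoint, it signs the callback request with the WeChat Pay platform private key. The signing method is the same as for response signatures, and merchants **must** verify the callback signature with the WeChat Pay public key.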

{% hint style="danger" %}
Notifications must have their WeChat Pay signature verified, to guard against malicious attacks
{% endhint %}
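
The response and callback rules above, as an added Go example (not WeChat Pay's own code). The `Wechatpay-*` header names and the `timestamp\nnonce\nbody\n` message layout are assumptions taken from the linked verification guide, not stated on this page; `demoKey` and `Sign` are constructed stand-ins for the platform key and signer.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
)

var ErrUnsigned = errors.New("missing or undecodable signature: treat as forged or tampered")
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed key standing in for the platform key

func message(h http.Header, body string) []byte { // signed string; layout is an assumption (see lead-in)
	return []byte(h.Get("Wechatpay-Timestamp") + "\n" + h.Get("Wechatpay-Nonce") + "\n" + body + "\n")
}

// Verify is the callback rule: a valid platform signature is always required.
func Verify(pub *rsa.PublicKey, h http.Header, body string) error {
	sig, err := base64.StdEncoding.DecodeString(h.Get("Wechatpay-Signature"))
	if err != nil || len(sig) == 0 {
		return ErrUnsigned
	}
	sum := sha256.Sum256(message(h, body))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) // rsa.ErrVerification on mismatch
}

// CheckResponse is the response rule: verify signed responses, reject unsigned 2xx.
func CheckResponse(pub *rsa.PublicKey, status int, h http.Header, body string) error {
	if h.Get("Wechatpay-Signature") == "" && (status < 200 || status > 299) {
		return nil // unsigned error response: nothing to verify, and it is still a failure
	}
	return Verify(pub, h, body)
}

func Sign(h http.Header, body string) { // demo-only stand-in for the platform's signer
	sum := sha256.Sum256(message(h, body))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, demoKey, crypto.SHA256, sum[:])
	h.Set("Wechatpay-Signature", base64.StdEncoding.EncodeToString(sig))
}

func main() {
	h := http.Header{"Wechatpay-Timestamp": {"1700000000"}, "Wechatpay-Nonce": {"constructed-nonce"}}
	unsigned := CheckResponse(&demoKey.PublicKey, 200, h, "{}")
	Sign(h, "{}")
	fmt.Println(unsigned, CheckResponse(&demoKey.PublicKey, 200, h, "{}"), CheckResponse(&demoKey.PublicKey, 200, h, "{ }"))
}
```

Verify against the raw body bytes as received, before any JSON parsing or re-serialization, since any change to the body changes the signed string.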

