Callback Notification Service Description

Update Notes

20240606

Prerequisites

The access party needs to prepare the following information:

You need to fill in your callback address in Personal Center-API Management.

app_secret: used for callback notification message auxiliary signature verification. You can get your app_secret in Personal Center-API Management.

If your service is set up with whitelist access, you need to set 106.15.203.246 (cs2dt callback service ip) to the whitelist.

Notification Mechanism

For the callback notification scenario of purchase orders, we will push a message to you. The message body is json format data, and the request method is POST. If you receive the message and process the logic correctly, please return the success string. If you do not return, we will assume that you have not received the notification. We will continue to push messages at intervals of 1 minute, 2 minutes, 5 minutes, 10 minutes, and 30 minutes. We will no longer push messages after 5 failures

Signature verification instructions

The sign field will definitely exist in the body of the pushed message, which can help you verify the signature to ensure that the message is not forged. Signature verification rules:

Exclude the sign field from the notification return parameter list. The remaining parameters need to be signed. If the value of a field is null, then treat this value as a null string and also sign it

Perform url_decode on the remaining parameters (use the & symbol link in the middle), then sort the dictionary (according to the ascii code from small to large), form a string, and get the string to be signed

Then add (&sign={app_secret}) to the end of the string to be signed. For how to get it, please refer to the Prerequisites section

Finally, use the MD5 digest algorithm to generate the signature string (32 uppercase characters)

After getting the final string, compare it with the sign field in the notification message. If they are consistent, the signature verification is successful

Order message notification

Return result example

The string that needs to be signed is: offerId=null&orderId=753955645187293184&outTradeNo=753955643962990592&status=11&statusName=failed&tradeOfferId=null&type=0&typeName=BUYER_ORDER_STATUS&sign={your own appSecret}

Notification field description

orderId: order id, which will be returned after calling the purchase interface

sign field: used for signature verification. For security reasons, it is recommended that you verify the signature

status: order status

1 Waiting for shipment, now status 1 will also be pushed, which means that the order purchase is successful

3 Waiting for receipt, which means that you can notify the users of your platform to accept the quotation

10 Success

11 Order cancellation or order failure

statusName: Order status description

1 waiting_delivery

3 waiting_receive

10 success

11 failed

tradeOfferId: offerId of the steam platform, only returned when the status is 3, spliced to the address of steam accepting the quotation https://steamcommunity.com/tradeoffer/{trdadeOfferId}

offerId: offerId of the CS2DT platform, also can only be returned when the status is 3. You can use the query quotation status interface /open/offer/v1/status to get more information. For example, the steam accounts of both parties in the quotation, and the jewelry information in the quotation, etc.

outTradeNo: merchant order number, this parameter can be passed in when using the v2 version of the purchase interface, and it will be returned together when the callback notification is sent

type: 0 indicates that it is a callback message of the purchase order type

typeName: BUYER_ORDER_STATUS indicates that it is a callback message of this type

Callback Notification Service Description

Update Notes#

20240606#

Prerequisites#

Notification Mechanism#

Signature verification instructions#

Order message notification#

Return result example#

Notification field description#