Dashboard Overview
Statistics
Balance Management
Balance Overview
Available Balance
$0
$0
Unpaid
2%
Fee Rate
$1,600
Max/Order
Active
Status
Balance Utilization
0% used
$0 available
Orders
| Order No | Merchant Order | Goods Amount | Fee | Total Charge | Status | Date |
|---|---|---|---|---|---|---|
| Loading… | ||||||
Page 1
App Credentials
Create App (B-End API)
Create an App to access B-end APIs. You will receive App ID, Secret Key and Sign Key. Save these keys immediately - they will only be shown once!
Success! Your App has been created. Save these credentials immediately - they will not be shown again!
Profile
Merchant Information
Loading...
Bank Account
Loading...
Security
Change Password
Temu Products
Loading products...
Page 1
B-End API Documentation
Quick Start
1
Create an App
Copy the Secret Key and Sign Key when they are shown. They are displayed once.
2
Encrypt the payload
Use AES-GCM with the Secret Key. Send the hex value in the envelope's data field.
3
Sign the envelope
Sign sorted JSON of app_id, nonce, timestamp, and data.
4
Send and retry safely
Use a unique nonce. Reuse the same merchant_order for idempotent order retries.
AES-GCM request body
HMAC-SHA256 signature
5 minute timestamp window
Single-use nonce
Base URL
/api/v1/b
Request Envelope
Content-Type: application/json
Body keys: app_id, nonce, timestamp, data, sign
Encryption & Signing Details
AES-256-GCM Encryption
data = hex(nonce + ciphertext + tag)
- Algorithm: AES-256-GCM
- Key: Your Secret Key. If shorter than 32 bytes, SHA-256 derived key is used.
- IV: Random 12 bytes (included in output)
- Output: Hex(nonce + ciphertext + tag)
HMAC-SHA256 Signing
sign = HMAC-SHA256(sorted_json(envelope), sign_key)
- Algorithm: HMAC-SHA256
- Key: Your Sign Key
- Data: sorted JSON of app_id, nonce, timestamp, data
- Output: Hex encoded string
Your Credentials
-
-
-
Important: Sign Key and Secret Key were only shown when your App was created.
If you lost them, you can regenerate Sign Key in the Credentials page (Secret Key cannot be recovered).
Example: Create Order
Complete implementation showing order payload structure, AES encryption, HMAC signing, and request assembly.
Signing Process
- Build business params → JSON string
- AES-GCM encrypt params (key=Secret Key) →
data - Build sign data:
{app_id, nonce, timestamp, data} - Sort keys by ASCII → JSON serialize → sign string
- HMAC-SHA256 sign (key=Sign Key) →
sign - Send request with
app_id, nonce, timestamp, data, sign
# Select a language above to see the complete code example
API Endpoints
| Method | Endpoint | Request Body | Description |
|---|---|---|---|
| GET | /products |
- | List products with optional category_id, keyword, page, page_size query params. |
| GET | /products/:id |
- | Get product detail by numeric ID (includes SKU list). |
| GET | /products/sku/:sku |
- | Get product by SKU ID. |
| POST | /orders |
Signed envelope → CreateOrderRequest |
Create a single order. Body must be AES-encrypted and HMAC-signed. Use the same merchant_order to retry idempotently. |
| POST | /batch-orders |
Signed envelope → CreateBatchOrderRequest |
Submit up to 100 orders in one request. Body must be AES-encrypted and HMAC-signed. Orders are processed asynchronously. |
| GET | /orders/:order_no |
- | Get order detail by platform order number. |
| GET | /orders/merchant/:merchant_order |
- | Get order by your own merchant_order reference. |
| GET | /batch-orders/:batch_no |
- | Get batch job status and per-order results. |
| GET | /balance |
- | Get current prepay balance (limit, used, available, status). |
| GET | /balance/transactions |
- | List balance transactions. Optional: transaction_type, start_date, end_date, page, page_size. |
| GET | /balance/bills |
- | List settlement bills. Optional: status, page, page_size. |
Data Structures
CreateOrderRequest
{
"merchant_order": "PO-20260425-001",
"items": [
{"sku_id": "SKU_789012", "quantity": 2}
],
"receiver_name": "John Doe",
"receiver_phone": "+971501234567",
"receiver_email": "buyer@example.com",
"country": "AE",
"province": "Dubai",
"city": "Dubai",
"district": "Business Bay",
"address": "Sheikh Zayed Road",
"zip_code": "00000",
"callback_url": "https://merchant.example.com/order-callback",
"remark": "Leave at reception"
}
Standard Response
{
"code": 0, // 0 = success, others = error
"message": "success", // Error message if code != 0
"data": { ... } // Response data (varies by endpoint)
}
Response Codes
| Code | Description |
|---|---|
0 | Success |
400 | Invalid request parameters — check the field named in message |
401 | Missing or invalid X-App-ID / X-App-Key credentials |
403 | Forbidden — credentials valid but action not permitted |
404 | Resource not found |
500 | Unexpected server error — contact support with the trace_id |
1001 | Signature or AES decryption failed — check Secret Key and Sign Key |
1002 | App is disabled — contact the platform |
1003 | Request timestamp is outside the ±5 minute tolerance window — sync your clock |
1004 | Nonce already used — each request must use a unique nonce |
2001 | Order creation failed due to an infrastructure error — retry after a short delay or contact support |
2002 | Insufficient stock — one or more SKUs do not have enough inventory |
2003 | Insufficient balance or balance account is not active |
2010 | Merchant account is not yet approved for placing orders |
2011 | Product not found — check that the SKU ID exists and has a valid price |
2012 | Idempotency conflict — merchant_order already exists with different content; do not retry with the same key |
2013 | app_id in the request body does not match your authenticated credentials |
2014 | Concurrent request detected — wait 1–2 seconds and retry |
2020 | Unsupported pay_type — currently only 1 (balance) is accepted |
2021 | Duplicate merchant_order within the same batch — each order in a batch must have a unique key |