Merchant Dashboard

+5%

Available Credit

+0%

Active

API Key Status

Credit Status

Available Credit

Limit

Used

Active

Status

Credit Overview

Available Credit

Limit

Used

Active

Status

Credit Utilization

0% used $0 available

Transaction History

Reference No	Type	Amount	Balance Before	Balance After	Date
Loading...

Your API Key

Use this API key to access the API programmatically. The key is only shown once when generated.

API Key

••••••••••••••••••••••••••••••••

API Key Mask

Not available

Created At

Not available

Warning: Regenerating your API key will invalidate the current key immediately. Make sure to update your applications with the new key.

App Credentials (B-End API)

Use these credentials for B-end API integration. Keys are only shown once when created.

App Name

App ID

Not available

Secret Key (AES Encryption)

••••••••••••••••••••••••••••••••

Sign Key (HMAC Signature)

••••••••••••••••••••••••••••••••

Warning: Regenerating keys will invalidate the current keys immediately. Secret Key regeneration requires captcha verification.

Create App (B-End API)

Create an App to access B-end APIs. You will receive App ID, Secret Key and Sign Key. Save these keys immediately - they will only be shown once!

App Name *

Communication Protocol

All B-End API requests use AES-256-GCM encryption for request/response body and HMAC-SHA256 for request signing.

Request Flow

Build request body (JSON)
Encrypt body with AES-256-GCM using Secret Key
Generate HMAC-SHA256 signature
Send with headers: App-ID, Timestamp, Sign

Response Flow

Receive encrypted response
Verify response signature
Decrypt body with AES-256-GCM
Parse JSON response

Base URL

                                https://hishopping.xyz/api/v1/b
                            

Required Headers

App-ID: {your_app_id}
Timestamp: {unix_timestamp}
Sign: {hmac_signature}
Content-Type: application/json

Encryption & Signing Details

AES-256-GCM Encryption

encrypted = AES-256-GCM(body, secret_key)

Algorithm: AES-256-GCM
Key: Your Secret Key (32 bytes)
IV: Random 12 bytes (included in output)
Output: Base64(iv + ciphertext + tag)

HMAC-SHA256 Signing

sign = HMAC-SHA256(app_id + timestamp, sign_key)

Algorithm: HMAC-SHA256
Key: Your Sign Key
Data: app_id concatenated with timestamp
Output: Hex encoded string

Your Credentials

App ID

Sign Key (HMAC)

Secret Key (AES)

Important: Sign Key and Secret Key were only shown when your App was created. If you lost them, you can regenerate Sign Key in API Key page (Secret Key cannot be recovered).

Example: Get Product List

Complete implementation showing data structure, AES encryption, HMAC signing, and request assembly.

Signing Process

Build business params → JSON string
AES-GCM encrypt params (key=Secret Key) → data
Build sign data: {app_id, nonce, timestamp, data}
Sort keys by ASCII → JSON serialize → sign string
HMAC-SHA256 sign (key=Sign Key) → sign
Send request with app_id, nonce, timestamp, data, sign

# Select a language above to see the complete code example

API Endpoints

Method	Endpoint	Request Body	Description
GET	`/products`	-	List products with pagination
GET	`/products/:id`	-	Get product detail by ID
GET	`/products/sku/:sku`	-	Get product by SKU
POST	`/orders`	CreateOrderRequest	Create a new order
POST	`/batch-orders`	CreateBatchOrderRequest	Create batch orders
GET	`/orders/:order_no`	-	Get order detail
GET	`/orders/merchant/:merchant_order`	-	Get order by merchant order number
GET	`/batch-orders/:batch_no`	-	Get batch order detail
GET	`/credit`	-	Get credit info
GET	`/credit/transactions`	-	List credit transactions

Data Structures

CreateOrderRequest

{
  "goods_id": "string",           // Required: Product ID
  "sku_id": "string",             // Required: SKU ID
  "quantity": 1,                  // Required: Quantity to order
  "merchant_order_no": "string",  // Optional: Your order reference
  "shipping_address": {           // Required: Shipping address
    "name": "string",
    "phone": "string",
    "address": "string",
    "city": "string",
    "country": "string",
    "postal_code": "string"
  }
}

Standard Response

{
  "code": 0,              // 0 = success, others = error
  "message": "success",   // Error message if code != 0
  "data": { ... }         // Response data (varies by endpoint)
}

Response Codes

Code	Description
`0`	Success
`1001`	Invalid signature
`1002`	App not found
`1003`	App disabled
`1004`	Missing auth header
`1005`	Invalid timestamp
`1006`	Decryption failed
`2001`	Insufficient credit
`2002`	Duplicate order
`3001`	Product not found
`3002`	Product out of stock
`4001`	Invalid parameters
`5001`	Internal server error

Dashboard Overview

Credit Status

Credit Management

Credit Overview

Credit Utilization

Transaction History

API Key Management

Your API Key

App Credentials (B-End API)

Create App (B-End API)

Profile

Merchant Information

Bank Account

Security

Change Password

Temu Products

B-End API Documentation

Communication Protocol

Request Flow

Response Flow

Base URL

Required Headers

Encryption & Signing Details

AES-256-GCM Encryption

HMAC-SHA256 Signing

Your Credentials

Example: Get Product List

Signing Process

API Endpoints

Data Structures

CreateOrderRequest

Standard Response

Response Codes

Dashboard Overview

Credit Status

Credit Management

Credit Overview

Credit Utilization

Transaction History

API Key Management

Your API Key

App Credentials (B-End API)

Create App (B-End API)

Profile

Merchant Information

Bank Account

Security

Change Password

Temu Products

B-End API Documentation

Communication Protocol

Request Flow

Response Flow

Base URL

Required Headers

Encryption & Signing Details

AES-256-GCM Encryption

HMAC-SHA256 Signing

Your Credentials

Example: Get Product List

Signing Process

API Endpoints

Data Structures

CreateOrderRequest

Standard Response

Response Codes

Edit Merchant Profile

Company Information

Address

Bank Account

Create Merchant Profile

App Information

Company Information

Address

Order Details

Product Details

Regenerate API Key

Regenerate Sign Key

Regenerate Secret Key