首先这里硬编码的session_key和open_id是由客户端发出请求，得到code，然后后端通过接口调用得到的openid和对应desession_key. var appsecret = "1234567890xxxxxxxxxxx"; var session_key = "1234567890xxxxxxxxxxx"; var openid ="1234567890xxxxxxxxxxx"; var appid = "1234567890xxxxxxxxxxx"; var offer_id ="1234567890xxxxxxxxxxx"; var ts = parseInt(Date.now()/1000); var zone_id = "1"; var pf =  "android"; var amt = 10; var bill_no = "angus123"; var misecret = "1234567890xxxxxxxxxxx";  // 米大师密钥 var apiUrl = "/cgi-bin/midas/sandbox/pay?access_token="; var sig; var mp_sig; function makeSig(amt, appid, bill_no, offer_id, openid, pf, ts, zone_id, access_token, session_key) { console.log('-----------------begin to makeSig ---------------\n'); var stringA = "" stringA += "amt=" + amt + "&"; stringA += "appid=" + appid + "&"; stringA += "bill_no=" + bill_no + "&"; stringA += "offer_id=" + offer_id + "&"; stringA += "openid=" + openid + "&"; stringA += "pf=" + pf + "&"; stringA += "ts=" + ts + "&"; stringA += "zone_id=" + zone_id; console.log("---------stringA is:\n" + stringA); var stringSignTemp = stringA + "&org_loc="+ apiUrl + access_token + "&method=POST&secret=" + misecret; console.log("---------stringSignTemp is :\n" + stringSignTemp); var signer = cryptImp.createHmac('sha256', misecret); sig = signer.update(stringSignTemp).digest('hex'); console.log("---------sig is:\n" + sig); //----------------------------------------------------- var stringB = "access_token=" + access_token + "&"; stringB += "amt=" + amt + "&"; stringB += "appid=" + appid + "&"; stringB += "bill_no=" + bill_no + "&"; stringB += "offer_id=" + offer_id + "&"; stringB += "openid=" + openid + "&"; stringB += "pf=" + pf + "&"; stringB += "sig=" + sig + "&"; stringB += "ts=" + ts + "&"; stringB += "zone_id=" + zone_id; console.log("-----------stringB is:\n" + stringB); var stringSignTempB = stringB + "&org_loc=" + apiUrl + access_token + "&method=POST&session_key=" + session_key; console.log("-----------stringSignTempB is:\n" + stringSignTempB); var signer2 = cryptImp.createHmac('sha256', session_key); mp_sig = signer2.update(stringSignTempB).digest('hex'); console.log("-----------mp_sig is :" + mp_sig); }; const get_access_token_options = { hostname: 'api.weixin.qq.com', port: 443, path: '/cgi-bin/token?grant_type=client_credential&appid='+appid+'&secret='+appsecret, method: 'GET' }; const req = https.request(get_access_token_options, function (res) { res.on('data', function (d) { var access_token = JSON.parse(d).access_token;  /*这里得到access_token*/ console.log("----------the access_token is : \n" + access_token); { makeSig(amt, appid, bill_no, offer_id, openid, pf, ts, zone_id, access_token, session_key); post_sandbox_body = JSON.stringify({ "access_token": access_token, "amt": amt, "appid": appid, "bill_no": bill_no, "offer_id": offer_id, "openid": openid, "pf": pf, "ts": ts, "zone_id": zone_id, "sig": sig, "mp_sig": mp_sig }); const post_sandbox_options = { hostname: 'api.weixin.qq.com', port: 443, path: '/cgi-bin/midas/sandbox/pay?access_token=' + access_token, method: 'POST', headers: { 'Content-Type':'application/octet-stream',/* 使用application/json也出错 */ 'Content-Length':Buffer.byteLength(post_sandbox_body), } }; console.log("---------post_sandbox_options is:"+JSON.stringify(post_sandbox_options)); console.log("---------post_sandbox_body is :"+ post_sandbox_body); console.log("---------post_path is:" + post_sandbox_options.path); var post_req = https.request(post_sandbox_options,function(res){ //res.setEncoding('utf8'); var _data=""; res.on('data',function(thunk){ _data+=thunk; }); res.on('end',function(){ console.log(JSON.parse(_data)); }); }); post_req.write(post_sandbox_body); post_req.end(); } }); }); req.on('error', function (e) { console.error(e); }); req.end(); 返回错误： { errcode: 90009,   errmsg: 'mp_sig error hint: [d5I4Fa05393037]' } 请官方或者各路大神帮忙看看，是否由问题。 项目马上要收费了，迫在眉睫啊。 跪求，谢谢！

首先这里硬编码的session_key和open_id是由客户端发出请求，得到code，然后后端通过接口调用得到的openid和对应desession_key. var appsecret = "1234567890xxxxxxxxxxx"; var session_key = "1234567890xxxxxxxxxxx"; var openid ="1234567890xxxxxxxxxxx"; var appid = "1234567890xxxxxxxxxxx"; var offer_id ="1234567890xxxxxxxxxxx"; var ts = parseInt(Date.now()/1000); var zone_id = "1"; var pf =  "android"; var amt = 10; var bill_no = "angus123"; var misecret = "1234567890xxxxxxxxxxx";  // 米大师密钥 var apiUrl = "/cgi-bin/midas/sandbox/pay?access_token="; var sig; var mp_sig; function makeSig(amt, appid, bill_no, offer_id, openid, pf, ts, zone_id, access_token, session_key) { console.log('-----------------begin to makeSig ---------------\n'); var stringA = "" stringA += "amt=" + amt + "&"; stringA += "appid=" + appid + "&"; stringA += "bill_no=" + bill_no + "&"; stringA += "offer_id=" + offer_id + "&"; stringA += "openid=" + openid + "&"; stringA += "pf=" + pf + "&"; stringA += "ts=" + ts + "&"; stringA += "zone_id=" + zone_id; console.log("---------stringA is:\n" + stringA); var stringSignTemp = stringA + "&org_loc="+ apiUrl + access_token + "&method=POST&secret=" + misecret; console.log("---------stringSignTemp is :\n" + stringSignTemp); var signer = cryptImp.createHmac('sha256', misecret); sig = signer.update(stringSignTemp).digest('hex'); console.log("---------sig is:\n" + sig); //----------------------------------------------------- var stringB = "access_token=" + access_token + "&"; stringB += "amt=" + amt + "&"; stringB += "appid=" + appid + "&"; stringB += "bill_no=" + bill_no + "&"; stringB += "offer_id=" + offer_id + "&"; stringB += "openid=" + openid + "&"; stringB += "pf=" + pf + "&"; stringB += "sig=" + sig + "&"; stringB += "ts=" + ts + "&"; stringB += "zone_id=" + zone_id; console.log("-----------stringB is:\n" + stringB); var stringSignTempB = stringB + "&org_loc=" + apiUrl + access_token + "&method=POST&session_key=" + session_key; console.log("-----------stringSignTempB is:\n" + stringSignTempB); var signer2 = cryptImp.createHmac('sha256', session_key); mp_sig = signer2.update(stringSignTempB).digest('hex'); console.log("-----------mp_sig is :" + mp_sig); }; const get_access_token_options = { hostname: 'api.weixin.qq.com', port: 443, path: '/cgi-bin/token?grant_type=client_credential&appid='+appid+'&secret='+appsecret, method: 'GET' }; const req = https.request(get_access_token_options, function (res) { res.on('data', function (d) { var access_token = JSON.parse(d).access_token;  /*这里得到access_token*/ console.log("----------the access_token is : \n" + access_token); { makeSig(amt, appid, bill_no, offer_id, openid, pf, ts, zone_id, access_token, session_key); post_sandbox_body = JSON.stringify({ "access_token": access_token, "amt": amt, "appid": appid, "bill_no": bill_no, "offer_id": offer_id, "openid": openid, "pf": pf, "ts": ts, "zone_id": zone_id, "sig": sig, "mp_sig": mp_sig }); const post_sandbox_options = { hostname: 'api.weixin.qq.com', port: 443, path: '/cgi-bin/midas/sandbox/pay?access_token=' + access_token, method: 'POST', headers: { 'Content-Type':'application/octet-stream',/* 使用application/json也出错 */ 'Content-Length':Buffer.byteLength(post_sandbox_body), } }; console.log("---------post_sandbox_options is:"+JSON.stringify(post_sandbox_options)); console.log("---------post_sandbox_body is :"+ post_sandbox_body); console.log("---------post_path is:" + post_sandbox_options.path); var post_req = https.request(post_sandbox_options,function(res){ //res.setEncoding('utf8'); var _data=""; res.on('data',function(thunk){ _data+=thunk; }); res.on('end',function(){ console.log(JSON.parse(_data)); }); }); post_req.write(post_sandbox_body); post_req.end(); } }); }); req.on('error', function (e) { console.error(e); }); req.end(); 返回错误： { errcode: 90009,   errmsg: 'mp_sig error hint: [d5I4Fa05393037]' } 请官方或者各路大神帮忙看看，是否由问题。 项目马上要收费了，迫在眉睫啊。 再次跪求，谢谢！

调用接口出错：https://api.weixin.qq.com/cgi-bin/midas/sandbox/pay?access_token=ACCESS_TOKEN 出错代码： { errcode: 90009,   errmsg: 'mp_sig error hint: [x0kHWa08621092]' } 第一：已经根据 https://developers.weixin.qq.com/minigame/dev/tutorial/open-ability/midas-signature.html 对自己的签名方法进行了测试，结果正确。 ---------check the nodejs crypt sha256 sign method with digest ('hex') the target is :1ad64e8dcb2ec1dc486b7fdf01f4a15159fc623dc3422470e51cf6870734726b the sig result:1ad64e8dcb2ec1dc486b7fdf01f4a15159fc623dc3422470e51cf6870734726b ---------the sha256 digest with ('hex') sig check is success! ---------check the nodejs crypt sha256 sign method with digest ('hex') the target is :ff4c5bb39dea1002a8f03be0438724e1a8bcea5ebce8f221f9b9fea3bcf3bf76 mp_sig  result:ff4c5bb39dea1002a8f03be0438724e1a8bcea5ebce8f221f9b9fea3bcf3bf76 ---------the sha256 digest with ('hex') mp_sig check is success! 第二：测试pay接口有几个疑问。 1、post options的参数是否设置正确？ const post_sandbox_options = { hostname: 'api.weixin.qq.com', port: 443, path: '/cgi-bin/midas/sandbox/pay?access_token=' + access_token, method: 'POST', headers: { 'Content-Type':'application/json', 'Content-Length':post_sandbox_body.length, } }; 2、post的body数据，是不是要包含access_token? {"access_token":"17_4uVhw70eDY0NwVVt1yXw8tbPPgmfDc-Z6mmiM_-DyCFo6vLhRiy8PRF1r_nbNfqNhfqj3uoc3qpjoErDqLSQ3elElITaaYyk03K3Yfe_2Xj-GoZpDx6bWamVhEUOIOZzRpwyImBaKUcutsmSIGNdAFAXVC", "amt":10, "appid":"wxf1453401f1893750", "bill_no":"angus123", "offer_id":"1450019397", "openid":"otyb-4_WbtJc0W6va70J8sbMWGps", "pf":"android", "ts":1548338038, "zone_id":"1", "sig":"795a63ba873783438aeca33790f05f3b2de7e16fa4a23fd33131d48e2402fef9", "mp_sig":"657ea92d78a53e5d3dfca18d3b7190fed0c154182bdd14755d70ced92283d665" } 3、post的url路径是不是正确 https://api.weixin.qq.com/cgi-bin/midas/sandbox/pay?access_token=17_4uVhw70eDY0NwVVt1yXw8tbPPgmfDc-Z6mmiM_-DyCFo6vLhRiy8PRF1r_nbNfqNhfqj3uoc3qpjoErDqLSQ3elElITaaYyk03K3Yfe_2Xj-GoZpDx6bWamVhEUOIOZzRpwyImBaKUcutsmSIGNdAFAXVC 这里卡了一天了，请帮忙看一下。 谢谢！