API Integration Support

I. Communication Method

Communication Protocol All API requests are transmitted via the HTTP protocol, supporting both GET and POST methods. Due to data length restrictions for GET requests, the POST method must be used for large data payloads.

Security & Authentication To ensure request authenticity and prevent data tampering, all parameters must be Base64-encoded and secured with a SHA256 signature. All response messages are returned in JSON format.

II. Communication Protocol

2.1 Request Message Structure

Both GET and POST requests must include the following three public parameters:

Field Name	Chinese Name	Mandatory	Description
param	业务参数	Yes	Business request parameters encoded in BASE64

sign	签名数据	Yes	The value obtained by SHA256 signing param + saltKey (secret key)
sType	签名类型	Yes	Signature type, fixed as s256 (indicating SHA256)

2.2 Param Business Parameter Structure

Field Name	Chinese Name	Description
appId	应用ID	The application ID initiating the business request
_flowNo	业务流水号	Unique business request serial number (random string)
_bizTime	业务发生时间	Time of business invocation (millisecond timestamp,timestamp needs to be within 10 minutes from time of request)

Example Business Parameters:

{
  "_flowNo": "b95a5b5d5b5c5e5f5a5b5c5d5e5f5a5b",
  "_bizTime": 1672531200000,
  "appId": "your_app_id",
  "key1": "value1",
  "key2": "value2"
}

2.3 Signature Generation Process

（1）Convert business parameters into a JSON string
（2）Encode the string in Base64 to get param
（3）Concatenate param + saltKey (secret key)
（4）Encrypt the concatenated result with SHA256 to get the signature value (sign)

Java Code Example

// Business parameters
TreeMap treeMap = new TreeMap();
treeMap.put("simNoList","123,456");
treeMap.put("_flowNo", UUID.randomUUID().toString().replace("-",""));
treeMap.put("_bizTime",System.currentTimeMillis());
treeMap.put("appId",appId);
String paramStr = JSON.toJSONString(treeMap);
String param = Base64.getEncoder().encodeToString(paramStr.getBytes());
String sign = JsMessageDigestUtil.SHA256(param + saltKey);

2.4 Request Examples

✅ POST Request
Content-Type: application/json
Body:

{
  "param": "eyJfZmxvd05vIjoi...",
  "sign": "a1b2c3d4e5...",
  "sType": "s256"
}

✅ GET Request
URL Format:

https://api.nbsim.com/path?param=xxx&sign=xxx&sType=s256

III. Response Message Structure

All responses follow the JSON format below

3.1 Successful Response

{
  "code": 0,
  "msg": "Success",
  "data": { ... }
}

3.2 Failed Response

{
  "code": 7400,
  "msg": "appId does not exist",
   data: null
}

3.3 Response Field Description

Field Name	Chinese Name	Description
code	响应码	0 = Success; Other values = Failure
msg	提示信息
data	业务数据	Specific data refers to the interface description

IV. Unified Error Codes

Standard system error codes are defined as follows:

code	message
7400	appId does not exist
7401	Signature verification failed
others	HTTP status code or custom error code

V. Security Specifications

5.1 Communication Security

All requests must carry a signature, which will be verified by the server

5.2 Data Security

（1）Business parameters must be transmitted after Base64 encoding

（2）Use SHA256 signature to ensure request integrity (prevent tampering)

（3）saltKey is confidential information and must not be disclosed

VI. Download Java Test Cases

https://github.com/nishuibaichuan/NBSIM-Java-Signature

Ⅶ. Postman Example

https://github.com/nishuibaichuan/NBSIM-Open-API.postman_collection

I. Communication Method#

II. Communication Protocol#

2.1 Request Message Structure#

2.2 Param Business Parameter Structure#

Example Business Parameters:#

2.3 Signature Generation Process#

Java Code Example#

2.4 Request Examples#

III. Response Message Structure#

3.1 Successful Response#

3.2 Failed Response#

3.3 Response Field Description#

IV. Unified Error Codes#

V. Security Specifications#

5.1 Communication Security#

5.2 Data Security#

VI. Download Java Test Cases#

Ⅶ. Postman Example#