Account rate
Endpoint
POSThttps://api-merchant.alikassa.io/v1/account/rate📋
Headers
| Header | Value |
|---|---|
| Content-Type | application/json |
| Account | Your account UUID, you can find it in Accounts |
| Sign | Request signature |
Response
| Name | Description |
|---|---|
| rate | Current rate for the account |
| updated_at | The time of the last rate update (UTC+3) |
Response Examples
Successful response (HTTP 200):
The updated_at value is in UTC+3.
{
"rate": "482.000000000",
"updated_at": "2026-04-22 14:30:00"
}
Error response (HTTP 400):
{
"message": "Rate request is not available for this account."
}
500 Server Error — Unexpected server-side error. An internal error occurred while processing the request. If you receive this error, contact support with the request and response logs.
{
"message": "Internal server error"
}
Important Notes
caution
This method is available only for accounts that support rate retrieval.
caution
When requesting balance, use a withdrawal certificate
Example Implementation
function requestRate(string $method, string $account, array $data)
{
$data = json_encode($data);
$privateKey = openssl_pkey_get_private(
file_get_contents(__DIR__ . '/cert/payout/private.pem'),
file_get_contents(__DIR__ . '/cert/payout/password.txt')
);
if ($privateKey === false) {
throw new \Exception('Error cert.');
}
openssl_sign($data, $sign, $privateKey);
$sign = base64_encode($sign);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api-merchant.alikassa.io/' . $method);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
'Account: ' . $account,
'Sign: ' . $sign,
]);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_USERAGENT, 'AliKassa2.0 API');
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$response = curl_exec($ch);
return json_decode($response, true);
}
$rate = requestRate(
'v1/account/rate',
'93d5df06-996c-48c3-9847-348d6b580b80',
[]
);
var_dump($rate);
const fs = require('fs');
const https = require('https');
const crypto = require('crypto');
function requestRate(method, account, data) {
const body = JSON.stringify(data);
let privateKey;
try {
privateKey = crypto.createPrivateKey({
key: fs.readFileSync(`${__dirname}/cert/payout/private.pem`, 'utf8'),
passphrase: fs
.readFileSync(`${__dirname}/cert/payout/password.txt`, 'utf8')
.trim(),
});
} catch {
throw new Error('Error cert.');
}
const sign = crypto.createSign('RSA-SHA1');
sign.update(body);
sign.end();
const signature = sign.sign(privateKey, 'base64');
return new Promise((resolve, reject) => {
const req = https.request(
{
hostname: 'api-merchant.alikassa.io',
path: `/${method}`,
method: 'POST',
headers: {
'Content-Type': 'application/json',
Account: account,
Sign: signature,
'Content-Length': Buffer.byteLength(body),
'User-Agent': 'AliKassa2.0 API',
},
rejectUnauthorized: false,
},
(res) => {
let raw = '';
res.on('data', (c) => (raw += c));
res.on('end', () => {
try {
resolve(raw ? JSON.parse(raw) : null);
} catch (e) {
reject(e);
}
});
},
);
req.on('error', reject);
req.setTimeout(30000, () => req.destroy(new Error('timeout')));
req.write(body);
req.end();
});
}
(async () => {
const rate = await requestRate(
'v1/account/rate',
'93d5df06-996c-48c3-9847-348d6b580b80',
[],
);
console.log(rate);
})();
import base64
import json
import ssl
import urllib.request
from pathlib import Path
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
def request_rate(method: str, account: str, data):
body = json.dumps(data, separators=(",", ":")).encode("utf-8")
base = Path(__file__).resolve().parent
try:
key_pem = (base / "cert/payout/private.pem").read_bytes()
password = (base / "cert/payout/password.txt").read_text().strip().encode()
private_key = serialization.load_pem_private_key(
key_pem, password=password, backend=default_backend()
)
except Exception:
raise RuntimeError("Error cert.") from None
signature = private_key.sign(body, padding.PKCS1v15(), hashes.SHA1())
sign_b64 = base64.b64encode(signature).decode("ascii")
req = urllib.request.Request(
f"https://api-merchant.alikassa.io/{method}",
data=body,
method="POST",
headers={
"Content-Type": "application/json",
"Account": account,
"Sign": sign_b64,
"User-Agent": "AliKassa2.0 API",
},
)
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
raw = resp.read().decode("utf-8")
return json.loads(raw) if raw else None
if __name__ == "__main__":
rate = request_rate(
"v1/account/rate",
"93d5df06-996c-48c3-9847-348d6b580b80",
[],
)
print(rate)
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.time.Duration;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
public class Main {
private static final ObjectMapper MAPPER = new ObjectMapper();
public static Object requestRate(String method, String account, Object data) throws Exception {
String body = MAPPER.writeValueAsString(data);
PrivateKey privateKey;
try {
privateKey = loadPrivateKey(
Path.of("cert/payout/private.pem"), Path.of("cert/payout/password.txt"));
} catch (Exception e) {
throw new Exception("Error cert.");
}
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initSign(privateKey);
sig.update(body.getBytes(StandardCharsets.UTF_8));
String signB64 = Base64.getEncoder().encodeToString(sig.sign());
HttpClient client =
HttpClient.newBuilder()
.connectTimeout(Duration.ofSeconds(30))
.sslContext(insecureSslContext())
.build();
HttpRequest req =
HttpRequest.newBuilder()
.uri(URI.create("https://api-merchant.alikassa.io/" + method))
.timeout(Duration.ofSeconds(30))
.header("Content-Type", "application/json")
.header("Account", account)
.header("Sign", signB64)
.header("User-Agent", "AliKassa2.0 API")
.POST(HttpRequest.BodyPublishers.ofString(body))
.build();
HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
String raw = resp.body();
return raw == null || raw.isEmpty() ? null : MAPPER.readValue(raw, Object.class);
}
private static PrivateKey loadPrivateKey(Path pemPath, Path passPath) throws Exception {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
String pem = Files.readString(pemPath);
char[] pass = Files.readString(passPath).trim().toCharArray();
try (PEMParser parser = new PEMParser(new java.io.StringReader(pem))) {
Object o = parser.readObject();
JcaPEMKeyConverter conv = new JcaPEMKeyConverter().setProvider("BC");
if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
InputDecryptorProvider dec =
new JcePKCSPBEInputDecryptorProviderBuilder()
.setProvider("BC")
.build(pass);
return conv.getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) o).decryptPrivateKeyInfo(dec));
}
if (o instanceof org.bouncycastle.openssl.PEMKeyPair) {
return conv.getKeyPair((org.bouncycastle.openssl.PEMKeyPair) o).getPrivate();
}
if (o instanceof org.bouncycastle.asn1.pkcs.PrivateKeyInfo) {
return conv.getPrivateKey((org.bouncycastle.asn1.pkcs.PrivateKeyInfo) o);
}
}
throw new IllegalArgumentException();
}
private static SSLContext insecureSslContext() throws Exception {
TrustManager[] trustAll =
new TrustManager[] {
new X509TrustManager() {
public void checkClientTrusted(
java.security.cert.X509Certificate[] c, String t) {}
public void checkServerTrusted(
java.security.cert.X509Certificate[] c, String t) {}
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
}
};
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, trustAll, new java.security.SecureRandom());
return ctx;
}
public static void main(String[] args) throws Exception {
Object rate = requestRate("v1/account/rate", "93d5df06-996c-48c3-9847-348d6b580b80", List.of());
System.out.println(rate);
}
}
package main
import (
"bytes"
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/tls"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"os"
"time"
"golang.org/x/crypto/ssh"
)
func requestRate(method, account string, data any) (map[string]any, error) {
body, err := json.Marshal(data)
if err != nil {
return nil, err
}
pemBytes, err := os.ReadFile("cert/payout/private.pem")
if err != nil {
return nil, fmt.Errorf("Error cert.")
}
passBytes, err := os.ReadFile("cert/payout/password.txt")
if err != nil {
return nil, fmt.Errorf("Error cert.")
}
pass := bytes.TrimSpace(passBytes)
rawKey, err := ssh.ParseRawPrivateKeyWithPassphrase(pemBytes, pass)
if err != nil {
return nil, fmt.Errorf("Error cert.")
}
key, ok := rawKey.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("Error cert.")
}
sum := sha1.Sum(body)
sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, sum[:])
if err != nil {
return nil, err
}
sign := base64.StdEncoding.EncodeToString(sig)
client := &http.Client{
Timeout: 30 * time.Second,
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
req, err := http.NewRequest(
http.MethodPost,
"https://api-merchant.alikassa.io/"+method,
bytes.NewReader(body),
)
if err != nil {
return nil, err
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Account", account)
req.Header.Set("Sign", sign)
req.Header.Set("User-Agent", "AliKassa2.0 API")
resp, err := client.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
b, err := io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
if len(b) == 0 {
return nil, nil
}
var out map[string]any
if err := json.Unmarshal(b, &out); err != nil {
return nil, err
}
return out, nil
}
func main() {
rate, err := requestRate(
"v1/account/rate",
"93d5df06-996c-48c3-9847-348d6b580b80",
[]any{},
)
if err != nil {
panic(err)
}
fmt.Println(rate)
}