Signature rules

1. $str1: Splice x-api-key, x-api-nonce, and x-api-timestamp in the request hearer 
to obtain the string $str1
2. $str2: Copy the request params set is sorted from small to large in ASCII code, 
the parameter value is urlencoded once, and the $str2 obtained is spliced together 
according to the key=value method.
(example: out_trade_no=o6868686868&amount=10&notify_url=http%3A%2F%2Fgoogle.com)
3. Concatenate $str1 and $str2 to obtain the string $str3
4. Use $str3 as the message and apisecret as the key, 
and perform sha256 hash algorithm operation to obtain the signature string(hex) sign

The value of the request parameter should be urlencoded when generating $str2,
But the original value should remain unchanged

<?php

$apikey    = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
$apisecret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

$header = [
    'x-api-key'       => $apikey,
    'x-api-uid'       => '1001',
    'x-api-nonce'     => 'abc',
    'x-api-timestamp' => 1677227675,
    'x-api-signature' => '',
];
$params = [
    'out_trade_no'    => 'ac0948s23421123',
    'assets'          => 'TRC20-USDT',
    'amount'          => '100',
    'notify_url'      => 'http://baidu.com',
];

$args = [];
foreach ($params as $key => $val) {
    $args[$key] = $val;
}
ksort($args);

// 1. Splice x-api-key, x-api-nonce, and x-api-timestamp in the request hearer to obtain the string str1
$str1 = $header['x-api-key'] . $header['x-api-nonce'] . $header['x-api-timestamp'];
// 2. After sorting the interface parameter set from small to large in ASCII code (lexicographic order), the string str2 is obtained by splicing it together according to the key=value method.
$str2 = http_build_query($args);
// 3. Concatenate str1 and str2 to obtain the string str3
$str3 = $str1 . $str2;
// 4. Use str3 as the message and apisecret as the key, and perform sha256 hash algorithm operation to obtain the signature string sign
$sign = hash_hmac('sha256', $str3, $apisecret);

$header['x-api-signature'] = $sign;

// echo "sign: {$sign}";