EIOTCLUB Integration Notes
Environment variables
Add these on the VM in /opt/aovis/aovis-store-staging/.env.production:
EIOTCLUB_APP_KEYEIOTCLUB_SECRETEIOTCLUB_BASE_URL=https://oapi.eiotclub.comEIOTCLUB_WEBHOOK_SECRET
If the first two are missing, the client returns null / EIOTCLUB not configured instead of throwing. EIOTCLUB_WEBHOOK_SECRET may reuse EIOTCLUB_SECRET if EIOTCLUB configured it that way.
IP whitelist
EIOTCLUB requires the VM outbound IP to be whitelisted in its platform before API calls can succeed.
- Current VM outbound IP:
8.229.42.246 - Whitelist status: pending EIOTCLUB confirmation
- Expected location in EIOTCLUB:
boss.eiotclub.com→平台设置→白名单设置 - EIOTCLUB notes indicate up to 15 IPs per account and a rate limit of 10 requests/sec per account.
Webhook URL
Configure the EIOTCLUB callback URL as:
https://aovis.app/api/webhooks/eiotclub
Signature rules
There are two different SHA1 signing rules:
- API request signing: include
appkey,timestamp,nonce, and business params, sort by ASCII key order, concatenate askey=value&..., append&secret=..., then SHA1 and uppercase. - Webhook signature verification: exclude
sign, do not includeappkey, sort the remaining fields by ASCII key order, stringify nested objects / arrays withJSON.stringify, append&secret=..., then SHA1 and uppercase.
See lib/eiotclub.ts for the implementation.
Connectivity test script
After the VM env vars and whitelist are ready, run:
npx tsx scripts/test-eiotclub-connection.ts
# or
npm run eiotclub:connection-test
The script performs:
- A signature self-check against the documented golden sample.
- A real
getCardInforequest using the first provided test ICCID.
Smoke script
For read-only connectivity checks:
npm run eiotclub:smoke -- account-balance
npm run eiotclub:smoke -- card-count
npm run eiotclub:smoke -- cards --page 1 --size 5
npm run eiotclub:smoke -- card --iccid 8910300000050270479