HTTP Body签名
定义
云商店每次调用商家的接口时会根据一定规则对请求生成signature,并且将signature通过URL PARAMS的方式添加到URL上,商家在接收到请求后需要同样的规则对请求体进行重新计算signature,并且与云商店传递的signature相比较,完全相同即为校验通过,通过URL PARAMS传递的参数有:
参数 |
取值 |
描述 |
---|---|---|
signature |
String |
加密签名,通过一定的规则对请求进行签名产生的值。 |
timestamp |
Long |
UNIX 时间戳(单位秒),商家需要校验这个时间戳与当前时间相差不超过60s。 |
nonce |
String |
随机字符串,云商店在每次调用时会随机生成,商家可以通过对这个随机数的缓存来防御API重放攻击。 |
生成规则
- 对请求参数排序,根据参数名自然排序,例如,以字母a开头的参数名会排在以b开头的参数后面,如果首字母相同,将会对第二个字母进行排序,以此类推,直到字符串结束
- 获取规范请求字符串,规则:
canonicalRequest = accessKey + nonce + timestamp + Lowercase(HexEncode(HMAC_SHA256 (RequestPayload)))
- 根据规则对规范请求字符串,密钥取signature值,规则:
signature = HexEncode(HMAC_SHA256(canonicalRequest))
注意:accessKey即为访问密钥
举例
商家收到的调用请求数据示例如下:
curl -X POST -H 'Content-Type: application/json' 'https://www.isvwebsite.com/saasproduce?signature=af71c5a7ef45310b8dc05ab15f********379ebaa5eb61155c0×tamp=1666677988730&nonce=RLLUammMSInlrNWb' --data '{"activity":"newInstance","buyerInfo":{"customerId":"688055*******f1aa90f1858","customerName":"CBC_marketplace_mw*******1","userId":"1e8**********7df834e4fe","userName":"CBC_marketplace_********1","mobilePhone":"1865********","email":"********@huawei.com"},"orderInfo":[{"businessId":"8a2************88-f41090522646","orderId":"CS**********","trialFlag":"0","orderAmount":12.78,"chargingMode":"PERIOD","periodType":"month","periodNumber":5,"provisionType":1,"productInfo":[{"skuCode":"a63ee5c9-4f86-11ed-9f95-fa163e8cb3b2","productId":"OFFI7889636**********8","linearValue":20}],"createTime":"20221024194509","expireTime":"20221224194509","extendParams":[{"name":"emailDomainName","value":"test.xxxx.com"},{"name":"extendParamName","value":"extendParamValue"}]}],"testFlag":"1"}'