HTTP Body Signature

Definition

Each time KooGallery calls your API, KooGallery generates a signature for the request based on certain rules and adds the signature to the URL as a URL parameter. After receiving the request, you need to recalculate the signature for the request body based on the same rules, compare the signature with the signature transferred by KooGallery. If they are the same, the verification succeeds. The following table lists the parameters transferred.

Generation Rules

• Sort request parameters by name (from Z to A). For example, a parameter whose name starts with a is placed after a parameter whose name starts with b.
• Obtain the standard request character string.

canonicalRequest = accessKey + nonce + timestamp + Lowercase(HexEncode(HMAC_SHA256 (RequestPayload)))

• Obtain the signature value for the key.

signature = HexEncode(HMAC_SHA256(canonicalRequest))

Example

The following is an example of the request received by you:

curl -X POST -H 'Content-Type: application/json' 'https://www.isvwebsite.com/saasproduce?signature=af71c5a7ef45310b8dc05ab15f********379ebaa5eb61155c0&timestamp=1666677988730&nonce=RLLUammMSInlrNWb' --data '{"activity":"newInstance","buyerInfo":{"customerId":"688055*******f1aa90f1858","customerName":"CBC_marketplace_mw*******1","userId":"1e8**********7df834e4fe","userName":"CBC_marketplace_********1","mobilePhone":"1865********","email":"********@huawei.com"},"orderInfo":[{"businessId":"8a2************88-f41090522646","orderId":"CS**********","trialFlag":"0","orderAmount":12.78,"chargingMode":"PERIOD","periodType":"month","periodNumber":5,"provisionType":1,"productInfo":[{"skuCode":"a63ee5c9-4f86-11ed-9f95-fa163e8cb3b2","productId":"OFFI7889636**********8","linearValue":20}],"createTime":"20221024194509","expireTime":"20221224194509","extendParams":[{"name":"emailDomainName","value":"test.xxxx.com"},{"name":"extendParamName","value":"extendParamValue"}]}],"testFlag":"1"}'