Updated on 2022-06-27 GMT+08:00

authToken Value

Definition

The authToken parameter is mandatory for verifying the communication security between KooGallery and a seller. It is included in the parameters that KooGallery uses to invoke an interface of a seller.

The seller generates an authToken value by following the defined procedure and compares it with the authToken value obtained from KooGallery through the interface. If they are identical, the communication security passes the verification.

Generation Procedure

  1. Obtain all the HTTP GET request parameters excluding the authToken.
  2. Sort the parameter names in alphabetical order.
  3. Use HMAC-SHA256 and the Key to compute a keyed hash (a message authentication code, not encryption) over the entire string of the sorted parameter names. The result is adopted as the authToken value.

Example

A seller receives an invocation request similar to the following:

http://www.isvwebsite.com/saasproduce?p1=1&p2=2&p3=3&authToken=xxxxxxxxxxxxxx&timeStamp=201706211855321
  1. Obtain all the HTTP GET request parameters p1, p2, p3, and timeStamp.
  2. Sort the parameter names in alphabetical order: sort(p1, p2, p3, timeStamp). Assume that the sequence obtained by sorting is p1, p3, p2, and timeStamp.
  3. Generate the authToken value with HMAC-SHA256 and Base64-encode the result: base64_encode(HMAC_SHA256(Key+timeStamp, p1=1&p3=3&p2=2&timeStamp=201706211855321)).

All parameter values are URL-encoded in KooGallery. After obtaining the parameter values, the seller needs to decode them.

Example Code

For a code example, see ISV Server Verifying Requests.
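
The following Python sketch of the seller-side check is an added example, not KooGallery's own code. It follows the formula in the example above (HMAC key = Key + timeStamp, message = sorted name=value pairs, Base64 output). Assumptions: names are sorted with Python's default string order, strings are UTF-8, and the key and the helper `build_constructed_request` are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit


def compute_auth_token(params, key):
    """params: URL-decoded GET parameters, authToken already excluded."""
    # Assumption: names sorted by Python's default string order; this must
    # match the order KooGallery used or the two values will never agree.
    message = "&".join(f"{name}={params[name]}" for name in sorted(params))
    # The page's example keys the HMAC with Key + timeStamp.
    mac_key = (key + params["timeStamp"]).encode("utf-8")
    digest = hmac.new(mac_key, message.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_request(url, key):
    """Return True only if the URL's authToken matches the recomputed value."""
    # parse_qsl URL-decodes names and values, as the page requires.
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        return False  # repeated names make the signed string ambiguous
    params = dict(pairs)
    received = params.pop("authToken", "")
    if not received or "timeStamp" not in params:
        return False
    expected = compute_auth_token(params, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


def build_constructed_request(key):
    """Constructed sample request (not real KooGallery traffic)."""
    params = {"p1": "1", "p2": "2", "p3": "3", "timeStamp": "201706211855321"}
    params["authToken"] = compute_auth_token(params, key)
    return "http://www.isvwebsite.com/saasproduce?" + urlencode(params)


if __name__ == "__main__":
    demo_key = "constructed-demo-key"  # placeholder, not a real Key
    url = build_constructed_request(demo_key)
    print(verify_request(url, demo_key))                          # valid request
    print(verify_request(url.replace("p1=1", "p1=9"), demo_key))  # tampered value
```

Rejecting requests with a missing authToken, a missing timeStamp, or repeated parameter names before computing the HMAC keeps the signed string unambiguous.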