Signature
Simlessly
# Request Header Parameters:
| Parameters | Type | Mandatory/Optional | Description |
|---|---|---|---|
| Sign-Method | string | M | Default “HMAC-SHA256” |
| Timestamp | string | M | Timestamp of present time (in milliseconds), valid for 10 mins and used in request header. |
| Version | string | M | Default "v1" |
| Signature | string | M | Specific signature |
| Request-ID | string | M | Unique request ID |
| Access-Key | string | M | Client ID |
| Authorization | string | O | user access token,the Oauth interface does not need to pass this parameter. |
# Signature Calculation:
Use the HMACSHA256 encryption.
# Calculation by HMACSHA256:
- signData = ClientID + Timestamp + RequestID + RequestBody
- signature = data is signed using the HmacSHA256 algorithm using client secret key;
//Java signature algorithm implementation
public static String HMACSHA256(String data, String ClientSecret) throws Exception {
Mac sha256HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(ClientSecret.getBytes("UTF-8"), "HmacSHA256");
sha256HMAC.init(secretKey);
byte[] array = sha256HMAC.doFinal(data.getBytes("UTF-8"));
StringBuilder sb = new StringBuilder();
for (byte item : array) {
sb.append(Integer.toHexString((item & 0xFF) | 0x100).substring(1, 3));
}
return sb.toString().toUpperCase();
}
# Field Description
Field | Description |
|---|---|
| ClientSecret | Key generated by CMP Platform, not transmitted over the Internet |
| ClientID | ClientID generated by CMP Platform for signature encryption |
# Signature Demo
AccessKey=1234567890
Timestamp=1590076800000
Request-ID=1234567890
Signature=7D3A4B6C7D3A4B6C7D3A4B6C7D3A4B6C
Sign-Method=HMAC-SHA256
Version=v1
Authorization=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c