


API common signature verification methods (PHP implementation)
Usage scenarios
Now more and more projects use the front-end and back-end separation model for development. Back-end developers use API interfaces to transfer data to front-end developers for processing and display. In some more important Modification of data interfaces, involving money, user information, etc., if the interfaces are not protected and verified, it is often easy for someone to maliciously swipe the interface, resulting in huge losses.
API Signature Verification
Here we introduce a more common signature verification in the industry to encrypt the parameters of the interface, which has the following advantages.
Requested uniqueness: The calculated signature is unique and can be used for verification.
Variability of parameters: The parameters include the timestamp parameter, which ensures that the signature calculated for each request is different.
Request aging: Since the request contains the timestamp parameter of the current request, the server can verify the timestamp and filter requests that exceed the aging limit.
Security: Even if the request is maliciously captured and the other party maliciously tamperes with the parameters, the signature will be wrong and the parameters cannot be modified.
Practice the truth
1. Sort the data to be signed of map type (that is, a set of key-value pairs) according to the size of the key. The parameters in the map are sorted in alphabetical order. If the first letters are the same, they are sorted by the second letter, and so on. For example,
{ "timestamp": "2017-06-08 09:38:00", "format": "xml", "app_id": "aabbc", "cp_extend_info": "", "sign_type": "HMAC-SHA1", "sign": "abc" }
then becomes
{ "app_id": "aabbc", "cp_extend_info": "", "format": "xml", "sign_type": "HMAC-SHA1", "timestamp": "2017-06-08 09:38:00" }
after sorting. Note: If the map contains a signature parameter (sign), the key value of the parameter needs to be filtered. Participate in signing. Please do not participate in signing parameters without values.
2. Serialize the sorted map into a string to be signed. The spliced string to be signed is
app_id=aabbc&format=xml&sign_type=HMAC-SHA1×tamp=2017-06-08 09:38:00
3. Use the key to extract the digest (hash) signature of the string to be signed according to the HMAC-SHA1 algorithm and base64_encode it (to facilitate explicit transmission and comparison). Assuming that the signature key is test, the extracted digest signature is The value of base64_encode is
JqoEqPIVVor0eyRHMYiZftsycVo=
Note: Because some data are required by the HTTP protocol, URLencoding needs to be performed during network transmission so that the receiver can receive the correct parameters. But if this parameter participates in signature, then the string to be signed must be the original value of the string rather than the value of URLencoding.
Code Practice
PHP Example
/** * 使用密钥生成HMAC-Sha1签名 * @param array $params 请求参数 * @param string $signKey 签名密钥 * @return string */ function hmacSha1Sign($params,$signKey) { ksort($params); $paramString = ''; foreach ($params as $key => $value) { if (is_null($value) || $value=='' || $key == 'sign') { continue; } $paramString .= $key.'='.$value.'&'; } $paramString = substr($paramString,0,-1); $sign = base64_encode(hash_hmac("sha1", $paramString, $signKey, $raw_output=TRUE)); return $sign; }
The above is the API verification signature method commonly used in daily development. It is very simple and very useful. Welcome to follow for more tutorials.
The above is the detailed content of API common signature verification methods (PHP implementation). For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

PHP and ManticoreSearch Development Guide: Quickly Create a Search API Search is one of the indispensable features in modern web applications. Whether it is an e-commerce website, social media platform or news portal, it needs to provide an efficient and accurate search function to help users find the content they are interested in. As a full-text search engine with excellent performance, ManticoreSearch provides us with a powerful tool to create excellent search APIs. This article will show you how to

How to crawl and process data by calling API interface in PHP project? 1. Introduction In PHP projects, we often need to crawl data from other websites and process these data. Many websites provide API interfaces, and we can obtain data by calling these interfaces. This article will introduce how to use PHP to call the API interface to crawl and process data. 2. Obtain the URL and parameters of the API interface. Before starting, we need to obtain the URL of the target API interface and the required parameters.

Oracle is a world-renowned database management system provider, and its API (Application Programming Interface) is a powerful tool that helps developers easily interact and integrate with Oracle databases. In this article, we will delve into the Oracle API usage guide, show readers how to utilize data interface technology during the development process, and provide specific code examples. 1.Oracle

Title: How to deal with Laravel API error problems, specific code examples are needed. When developing Laravel, API errors are often encountered. These errors may come from various reasons such as program code logic errors, database query problems, or external API request failures. How to handle these error reports is a key issue. This article will use specific code examples to demonstrate how to effectively handle Laravel API error reports. 1. Error handling in Laravel

OracleAPI integration strategy analysis: To achieve seamless communication between systems, specific code examples are required. In today's digital era, internal enterprise systems need to communicate with each other and share data, and OracleAPI is one of the important tools to help achieve seamless communication between systems. This article will start with the basic concepts and principles of OracleAPI, explore API integration strategies, and finally give specific code examples to help readers better understand and apply OracleAPI. 1. Basic Oracle API

ReactAPI Call Guide: How to interact with and transfer data to the backend API Overview: In modern web development, interacting with and transferring data to the backend API is a common need. React, as a popular front-end framework, provides some powerful tools and features to simplify this process. This article will introduce how to use React to call the backend API, including basic GET and POST requests, and provide specific code examples. Install the required dependencies: First, make sure Axi is installed in the project

In the world of data-driven applications and analytics, APIs (Application Programming Interfaces) play a vital role in retrieving data from various sources. When working with API data, you often need to store the data in a format that is easy to access and manipulate. One such format is CSV (Comma Separated Values), which allows tabular data to be organized and stored efficiently. This article will explore the process of saving API data to CSV format using the powerful programming language Python. By following the steps outlined in this guide, we will learn how to retrieve data from the API, extract relevant information, and store it in a CSV file for further analysis and processing. Let’s dive into the world of API data processing with Python and unlock the potential of the CSV format

Development suggestions: How to use the ThinkPHP framework for API development. With the continuous development of the Internet, the importance of API (Application Programming Interface) has become increasingly prominent. API is a bridge for communication between different applications. It can realize data sharing, function calling and other operations, and provides developers with a relatively simple and fast development method. As an excellent PHP development framework, the ThinkPHP framework is efficient, scalable and easy to use.
