Table of Contents
Usage scenarios
API Signature Verification
Practice the truth
Code Practice
Home Backend Development PHP Tutorial API common signature verification methods (PHP implementation)

API common signature verification methods (PHP implementation)

Apr 29, 2020 pm 12:37 PM
api

Usage scenarios

Now more and more projects use the front-end and back-end separation model for development. Back-end developers use API interfaces to transfer data to front-end developers for processing and display. In some more important Modification of data interfaces, involving money, user information, etc., if the interfaces are not protected and verified, it is often easy for someone to maliciously swipe the interface, resulting in huge losses.

API Signature Verification

Here we introduce a more common signature verification in the industry to encrypt the parameters of the interface, which has the following advantages.

  • Requested uniqueness: The calculated signature is unique and can be used for verification.

  • Variability of parameters: The parameters include the timestamp parameter, which ensures that the signature calculated for each request is different.

  • Request aging: Since the request contains the timestamp parameter of the current request, the server can verify the timestamp and filter requests that exceed the aging limit.

  • Security: Even if the request is maliciously captured and the other party maliciously tamperes with the parameters, the signature will be wrong and the parameters cannot be modified.

Practice the truth

1. Sort the data to be signed of map type (that is, a set of key-value pairs) according to the size of the key. The parameters in the map are sorted in alphabetical order. If the first letters are the same, they are sorted by the second letter, and so on. For example,

{
    "timestamp": "2017-06-08 09:38:00",
    "format": "xml",
    "app_id": "aabbc",
    "cp_extend_info": "",
    "sign_type": "HMAC-SHA1",
    "sign": "abc"
}
Copy after login

then becomes

{
    "app_id": "aabbc",
    "cp_extend_info": "",
    "format": "xml",
    "sign_type": "HMAC-SHA1",
    "timestamp": "2017-06-08 09:38:00"
}
Copy after login

after sorting. Note: If the map contains a signature parameter (sign), the key value of the parameter needs to be filtered. Participate in signing. Please do not participate in signing parameters without values.

2. Serialize the sorted map into a string to be signed. The spliced ​​string to be signed is

app_id=aabbc&format=xml&sign_type=HMAC-SHA1&timestamp=2017-06-08 09:38:00
Copy after login

3. Use the key to extract the digest (hash) signature of the string to be signed according to the HMAC-SHA1 algorithm and base64_encode it (to facilitate explicit transmission and comparison). Assuming that the signature key is test, the extracted digest signature is The value of base64_encode is

JqoEqPIVVor0eyRHMYiZftsycVo=
Copy after login

Note: Because some data are required by the HTTP protocol, URLencoding needs to be performed during network transmission so that the receiver can receive the correct parameters. But if this parameter participates in signature, then the string to be signed must be the original value of the string rather than the value of URLencoding.

Code Practice

PHP Example

/**
 * 使用密钥生成HMAC-Sha1签名
 * @param array $params 请求参数
 * @param string $signKey 签名密钥
 * @return string
 */
function hmacSha1Sign($params,$signKey)
{
    ksort($params);
 
    $paramString = '';
    foreach ($params as $key => $value) {
        if (is_null($value) || $value=='' || $key == 'sign') {
            continue;
        }
        $paramString .= $key.'='.$value.'&';
    }
    $paramString = substr($paramString,0,-1);
    $sign = base64_encode(hash_hmac("sha1", $paramString, $signKey, $raw_output=TRUE));
    return $sign;
}
Copy after login

The above is the API verification signature method commonly used in daily development. It is very simple and very useful. Welcome to follow for more tutorials.

The above is the detailed content of API common signature verification methods (PHP implementation). For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PHP and Manticore Search Development Guide: Quickly Create a Search API PHP and Manticore Search Development Guide: Quickly Create a Search API Aug 07, 2023 pm 06:05 PM

PHP and ManticoreSearch Development Guide: Quickly Create a Search API Search is one of the indispensable features in modern web applications. Whether it is an e-commerce website, social media platform or news portal, it needs to provide an efficient and accurate search function to help users find the content they are interested in. As a full-text search engine with excellent performance, ManticoreSearch provides us with a powerful tool to create excellent search APIs. This article will show you how to

How to crawl and process data by calling API interface in PHP project? How to crawl and process data by calling API interface in PHP project? Sep 05, 2023 am 08:41 AM

How to crawl and process data by calling API interface in PHP project? 1. Introduction In PHP projects, we often need to crawl data from other websites and process these data. Many websites provide API interfaces, and we can obtain data by calling these interfaces. This article will introduce how to use PHP to call the API interface to crawl and process data. 2. Obtain the URL and parameters of the API interface. Before starting, we need to obtain the URL of the target API interface and the required parameters.

Oracle API Usage Guide: Exploring Data Interface Technology Oracle API Usage Guide: Exploring Data Interface Technology Mar 07, 2024 am 11:12 AM

Oracle is a world-renowned database management system provider, and its API (Application Programming Interface) is a powerful tool that helps developers easily interact and integrate with Oracle databases. In this article, we will delve into the Oracle API usage guide, show readers how to utilize data interface technology during the development process, and provide specific code examples. 1.Oracle

How to deal with Laravel API error problems How to deal with Laravel API error problems Mar 06, 2024 pm 05:18 PM

Title: How to deal with Laravel API error problems, specific code examples are needed. When developing Laravel, API errors are often encountered. These errors may come from various reasons such as program code logic errors, database query problems, or external API request failures. How to handle these error reports is a key issue. This article will use specific code examples to demonstrate how to effectively handle Laravel API error reports. 1. Error handling in Laravel

Oracle API integration strategy analysis: achieving seamless communication between systems Oracle API integration strategy analysis: achieving seamless communication between systems Mar 07, 2024 pm 10:09 PM

OracleAPI integration strategy analysis: To achieve seamless communication between systems, specific code examples are required. In today's digital era, internal enterprise systems need to communicate with each other and share data, and OracleAPI is one of the important tools to help achieve seamless communication between systems. This article will start with the basic concepts and principles of OracleAPI, explore API integration strategies, and finally give specific code examples to help readers better understand and apply OracleAPI. 1. Basic Oracle API

React API Call Guide: How to interact and transfer data with the backend API React API Call Guide: How to interact and transfer data with the backend API Sep 26, 2023 am 10:19 AM

ReactAPI Call Guide: How to interact with and transfer data to the backend API Overview: In modern web development, interacting with and transferring data to the backend API is a common need. React, as a popular front-end framework, provides some powerful tools and features to simplify this process. This article will introduce how to use React to call the backend API, including basic GET and POST requests, and provide specific code examples. Install the required dependencies: First, make sure Axi is installed in the project

Save API data to CSV format using Python Save API data to CSV format using Python Aug 31, 2023 pm 09:09 PM

In the world of data-driven applications and analytics, APIs (Application Programming Interfaces) play a vital role in retrieving data from various sources. When working with API data, you often need to store the data in a format that is easy to access and manipulate. One such format is CSV (Comma Separated Values), which allows tabular data to be organized and stored efficiently. This article will explore the process of saving API data to CSV format using the powerful programming language Python. By following the steps outlined in this guide, we will learn how to retrieve data from the API, extract relevant information, and store it in a CSV file for further analysis and processing. Let’s dive into the world of API data processing with Python and unlock the potential of the CSV format

Development suggestions: How to use the ThinkPHP framework for API development Development suggestions: How to use the ThinkPHP framework for API development Nov 22, 2023 pm 05:18 PM

Development suggestions: How to use the ThinkPHP framework for API development. With the continuous development of the Internet, the importance of API (Application Programming Interface) has become increasingly prominent. API is a bridge for communication between different applications. It can realize data sharing, function calling and other operations, and provides developers with a relatively simple and fast development method. As an excellent PHP development framework, the ThinkPHP framework is efficient, scalable and easy to use.

See all articles