Previous topic

Generating signature

Next topic

Signing parameters

Signing example

Suppose you have the following key and secret:

{
  "appKey": "test_app_key",
  "appSecret": "test_app_secret"
}

and you want to send the following parameters:

{
  "foo": "bar",
  "egg": "spam"
}
  1. adding additional parameters, and we get:
{
  "foo": "bar",
  "egg": "spam",
  "timestamp": 1514736000000,
  "appKey": "test_app_key"
}
  1. sort the parameters by their names, and we get:
['appKey', 'egg', 'foo', 'timestamp']
  1. for each parameter, concatenate its key and value as a string, and we get:
['appKeytest_app_key', 'eggspam', 'foobar', 'timestamp1514736000000']
  1. concatenate all such strings for all parameters, and we get:
appKeytest_app_keyeggspamfoobartimestamp1514736000000
  1. append the resulting string with the app secret, and we get:
appKeytest_app_keyeggspamfoobartimestamp1514736000000test_app_secret
  1. the sha256 hash of the resulting string in hexadecimal form should be used as the signature, so we get:
29d80c597516d0fedced59c240e43fce626e85900a6615f52f98a8104936b5a3
  1. add signature back to request parameters, so we get
{
  "foo": "bar",
  "egg": "spam",
  "timestamp": 1514736000000,
  "appKey": "test_app_key",
  "signature": "29d80c597516d0fedced59c240e43fce626e85900a6615f52f98a8104936b5a3"
}

That’s what you need to send to the backend.