Backend Development
PHP Tutorial
API common signature verification methods (PHP implementation)
Usage scenarios
Now more and more projects use the front-end and back-end separation model for development. Back-end developers use API interfaces to transfer data to front-end developers for processing and display. In some more important Modification of data interfaces, involving money, user information, etc., if the interfaces are not protected and verified, it is often easy for someone to maliciously swipe the interface, resulting in huge losses.
API Signature Verification
Here we introduce a more common signature verification in the industry to encrypt the parameters of the interface, which has the following advantages.
Requested uniqueness: The calculated signature is unique and can be used for verification.
Variability of parameters: The parameters include the timestamp parameter, which ensures that the signature calculated for each request is different.
Request aging: Since the request contains the timestamp parameter of the current request, the server can verify the timestamp and filter requests that exceed the aging limit.
Security: Even if the request is maliciously captured and the other party maliciously tamperes with the parameters, the signature will be wrong and the parameters cannot be modified.
Practice the truth
1. Sort the data to be signed of map type (that is, a set of key-value pairs) according to the size of the key. The parameters in the map are sorted in alphabetical order. If the first letters are the same, they are sorted by the second letter, and so on. For example,
{
"timestamp": "2017-06-08 09:38:00",
"format": "xml",
"app_id": "aabbc",
"cp_extend_info": "",
"sign_type": "HMAC-SHA1",
"sign": "abc"
}then becomes
{
"app_id": "aabbc",
"cp_extend_info": "",
"format": "xml",
"sign_type": "HMAC-SHA1",
"timestamp": "2017-06-08 09:38:00"
}after sorting. Note: If the map contains a signature parameter (sign), the key value of the parameter needs to be filtered. Participate in signing. Please do not participate in signing parameters without values.
2. Serialize the sorted map into a string to be signed. The spliced ??string to be signed is
app_id=aabbc&format=xml&sign_type=HMAC-SHA1×tamp=2017-06-08 09:38:00
3. Use the key to extract the digest (hash) signature of the string to be signed according to the HMAC-SHA1 algorithm and base64_encode it (to facilitate explicit transmission and comparison). Assuming that the signature key is test, the extracted digest signature is The value of base64_encode is
JqoEqPIVVor0eyRHMYiZftsycVo=
Note: Because some data are required by the HTTP protocol, URLencoding needs to be performed during network transmission so that the receiver can receive the correct parameters. But if this parameter participates in signature, then the string to be signed must be the original value of the string rather than the value of URLencoding.
Code Practice
PHP Example
/**
* 使用密鑰生成HMAC-Sha1簽名
* @param array $params 請(qǐng)求參數(shù)
* @param string $signKey 簽名密鑰
* @return string
*/
function hmacSha1Sign($params,$signKey)
{
ksort($params);
$paramString = '';
foreach ($params as $key => $value) {
if (is_null($value) || $value=='' || $key == 'sign') {
continue;
}
$paramString .= $key.'='.$value.'&';
}
$paramString = substr($paramString,0,-1);
$sign = base64_encode(hash_hmac("sha1", $paramString, $signKey, $raw_output=TRUE));
return $sign;
}The above is the API verification signature method commonly used in daily development. It is very simple and very useful. Welcome to follow for more tutorials.
The above is the detailed content of API common signature verification methods (PHP implementation). For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Oracle API Usage Guide: Exploring Data Interface Technology
Mar 07, 2024 am 11:12 AM
Oracle is a world-renowned database management system provider, and its API (Application Programming Interface) is a powerful tool that helps developers easily interact and integrate with Oracle databases. In this article, we will delve into the Oracle API usage guide, show readers how to utilize data interface technology during the development process, and provide specific code examples. 1.Oracle
How to crawl and process data by calling API interface in PHP project?
Sep 05, 2023 am 08:41 AM
How to crawl and process data by calling API interface in PHP project? 1. Introduction In PHP projects, we often need to crawl data from other websites and process these data. Many websites provide API interfaces, and we can obtain data by calling these interfaces. This article will introduce how to use PHP to call the API interface to crawl and process data. 2. Obtain the URL and parameters of the API interface. Before starting, we need to obtain the URL of the target API interface and the required parameters.
Development suggestions: How to use the ThinkPHP framework for API development
Nov 22, 2023 pm 05:18 PM
Development suggestions: How to use the ThinkPHP framework for API development. With the continuous development of the Internet, the importance of API (Application Programming Interface) has become increasingly prominent. API is a bridge for communication between different applications. It can realize data sharing, function calling and other operations, and provides developers with a relatively simple and fast development method. As an excellent PHP development framework, the ThinkPHP framework is efficient, scalable and easy to use.
Oracle API integration strategy analysis: achieving seamless communication between systems
Mar 07, 2024 pm 10:09 PM
OracleAPI integration strategy analysis: To achieve seamless communication between systems, specific code examples are required. In today's digital era, internal enterprise systems need to communicate with each other and share data, and OracleAPI is one of the important tools to help achieve seamless communication between systems. This article will start with the basic concepts and principles of OracleAPI, explore API integration strategies, and finally give specific code examples to help readers better understand and apply OracleAPI. 1. Basic Oracle API
How to deal with Laravel API error problems
Mar 06, 2024 pm 05:18 PM
Title: How to deal with Laravel API error problems, specific code examples are needed. When developing Laravel, API errors are often encountered. These errors may come from various reasons such as program code logic errors, database query problems, or external API request failures. How to handle these error reports is a key issue. This article will use specific code examples to demonstrate how to effectively handle Laravel API error reports. 1. Error handling in Laravel
React API Call Guide: How to interact and transfer data with the backend API
Sep 26, 2023 am 10:19 AM
ReactAPI Call Guide: How to interact with and transfer data to the backend API Overview: In modern web development, interacting with and transferring data to the backend API is a common need. React, as a popular front-end framework, provides some powerful tools and features to simplify this process. This article will introduce how to use React to call the backend API, including basic GET and POST requests, and provide specific code examples. Install the required dependencies: First, make sure Axi is installed in the project
Insomnia Tutorial: How to use the PHP API interface
Jan 22, 2024 am 11:21 AM
PHP API interface: How to use Insomnia Insomnia is a powerful API testing and debugging tool. It can help developers quickly and easily test and verify API interfaces. It supports multiple programming languages ????and protocols, including PHP. This article will introduce how to use Insomnia to test PHPAPI interface. Step 1: Install InsomniaInsomnia is a cross-platform application that supports Windows, MacOS, and Linux.
PHP API Interface: Getting Started Guide
Aug 25, 2023 am 11:45 AM
PHP is a popular server-side scripting language used for building web applications and websites. It can interact with various different types of API interfaces and is very convenient during the development process. In this article, we will provide an introductory guide to the PHP API interface to help beginners learn to use it faster. What is an API? API stands for "Application Programming Interface", which is a standardized way that allows different applications to exchange data and information between them. This interaction is achieved by visiting a website on W
