V2签名规则
1.加密步骤
- 公共参数(除去sign)按照参数名ASCII码进行自然排序,然后按照k1v1k2v2…拼接,结果为parameters;
- 拼接parameters+body+token;
- 将所得字符串进行SHA-256运算,返回即为sign的值。
排序后再组装参数字符串,将body(为空则不加)和客如云提供的token放在排序字符串的后面,对新组装的参数字符串进行SHA-256加密生成sign字符串。生成的sign参数放到请求接口参数后面当成普通参数即可,参数名为sign
2.sign值加密规则
加密规则
sign=SHA256(appKey+shopIdenty/brandId+timestamp+version+body+token)
注意: sign一定要按顺序拼接字段 shopIdenty 和 brandId 只传其中一个。 品牌授权传brandId ,门店授权传 shopIdenty。
2.1 门店授权接口sign值加密规则示例
{
appKey:7857ca1808d370e2501290bc853eecdc
shopIdenty:810094162
timestamp:1528683797798
version:2.0
body:{"aaa":1}
token:66e53b22f1496d183e71b4ab90f4acf7
}
sign=SHA256(appKey7857ca1808d370e2501290bc853eecdcshopIdenty810094162timestamp1528683797798version2.0body{"aaa":1}66e53b22f1496d183e71b4ab90f4acf7)
- version传固定值2.0
参数拼接并排序 appKey301001shopIdenty247900001timestamp1425635264version2.0body{body}{TOKEN} 注意:【body值直接跟在version2.0后面】
2.2 品牌授权接口sign加密规则示例
{
appKey:7857ca1808d370e2501290bc853eecdc
brandId:32296
timestamp:1528683797798
version:2.0
token:66e53b22f1496d183e71b4ab90f4acf7
body:{"aaa":1}
}
sign=SHA256(appKey7857ca1808d370e2501290bc853eecdcbrandId32296timestamp1528683797798version2.0body{"aaa":1}66e53b22f1496d183e71b4ab90f4acf7)
3.签名规则描述示例
(1)公共参数
请求公共参数:
https://openapi.keruyun.com/open/v1/signTest?appKey=301001&shopIdenty=247900001&version=2.0×tamp=1425635264&sign
请求body体:
request body: {"aaa":1}
通过SHA256运算得到签名sign sign=SHA256(appKey301001shopIdenty247900001timestamp1425635264version2.0body{“aaa”:1}66e53b22f1496d183e71b4ab90f4acf7)
如上计算完成签名之后,把sign结果放到URL参数里面:
/open/v2/signTest?appKey=301001&shopIdenty=247900001&version=2.0×tamp=1425635264&sign=779d704132837f6fd93178a0eff9e70ce8e365321cb5874708a05bad96a44887
(2)业务参数
{
"aaa":1
}
4.代码示例
public static void main(String[] args) {
Map<String, Object> params = new TreeMap<>();
params.put("appKey", "服务appKey");
//门店签名必传
params.put("shopIdenty", 810094162);
//品牌签名必传
params.put("brandId", 32296);
params.put("version", "2.0");
//时间戳s
params.put("timestamp", 1425635264);
StringBuilder sortedParams = new StringBuilder();
params.entrySet().stream().forEachOrdered(paramEntry -> sortedParams.append(paramEntry.getKey()).append(paramEntry.getValue()));
//若存在requestBody则添加body+body体json字符串 否则忽略
sortedParams.append("body").append("{\"shopIdenty\":810094162,\"ids\":[810002,810003]}");
//请替换成真实的token
sortedParams.append("TOKEN");
System.out.println(sortedParams);
try {
String sign = getSign(sortedParams.toString());
System.out.println(sign + " " + sign.length());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
/**
* @Description: SHA256加密字符串
* @param
* @return String
* @throws NoSuchAlgorithmException
*/
private static String getSign(String sortedParams) throws NoSuchAlgorithmException {
MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
messageDigest.update(sortedParams.getBytes());
byte byteBuffer[] = messageDigest.digest();
StringBuffer strHexString = new StringBuffer();
for (int i = 0; i < byteBuffer.length; i++){
String hex = Integer.toHexString(0xff & byteBuffer[i]);
if (hex.length() == 1) {
strHexString.append('0');
}
strHexString.append(hex);
}
// 得到返回結果
String SHA256Sign = strHexString.toString();
return SHA256Sign;
}
修改于 3 年前