Sign Generation Rules

Signature rules

1. The parameters(Accesstoken, Appid, Keyid, Nonce, Time) requested by the head are first sorted according to the ASCII code, and then spliced.

   Splice method: Accesstoken=xxx&Appid=xxx&Keyid=xxx&Nonce=xxx&Time=xxx

2. Splice Appkey with the string generated in the second step.

   Example: Accesstoken=xxx&Appid=xxx&Keyid=xxx&Nonce=xxx&Time=xxx Appkey

3. Do lowercase processing for the string generated in the second step.

4. MD5 32-bit for the character generated in the third step, and the generated number is the value of Sign.

   Note: Some interface request headers do not require Accesstoken parameters. In this case, Accesstoken does not participate in generating signatures.

5. Example

-------------------------------------- Step 1: splicing header parameters --------------------------------------
Accesstoken=532cad73c5493193d63d367016b98b27&Appid=4e693d54d75db580a56d1263&Keyid=k.78784564654feda454557&Nonce=C6wuzd0Qguxzelhb&Time=1618914078668

-------------------------------------- Step 2: Splicing appKey parameters --------------------------------------
Accesstoken=532cad73c5493193d63d367016b98b27&Appid=4e693d54d75db580a56d1263&Keyid=k.78784564654feda454557&Nonce=C6wuzd0Qguxzelhb&Time=1618914078668gU7Qtxi4dWnYAdmudyxni52bWZ58b8uN

-------------------------------------- Step 3: Lowercase the string ------------------------------------------
accesstoken=532cad73c5493193d63d367016b98b27&appid=4e693d54d75db580a56d1263&keyid=k.78784564654feda454557&nonce=c6wuzd0qguxzelhb&time=1618914078668gu7qtxi4dwnyadmudyxni52bwz58b8un

-------------------------------------- Step 4: MD5 32-bit encryption ----------------------------------------
bfd8dd0e7c108353e6740d81e05982d8

• Java demo

import org.apache.commons.lang3.StringUtils;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * @author hww
 * @date 2021/5/24
 */
public class CreateSign {

    public static void main(String[] args) {
        String accessToken = "532cad73c5493193d63d367016b98b27";
        String appId = "4e693d54d75db580a56d1263";
        String keyId = "78784564654feda454557";
        String nonce = "C6wuzd0Qguxzelhb";
        String time = "1618914078668";
        String appKey = "gU7Qtxi4dWnYAdmudyxni52bWZ58b8uN";

        String sign = createSign(accessToken, appId, keyId, nonce, time, appKey);
        System.out.println(sign);
    }

    public static String createSign(String accessToken, String appId, String keyId, String nonce, String time, String appKey) {
        // Strictly follow Accesstoken, Appid, Keyid, Nonce, Time
        // Sequentially splice into a string and use MD5 to generate the signature value, and put the generated signature value in the Sign of RequestHeader;
        StringBuilder sb = new StringBuilder();
        if(StringUtils.isNotBlank(accessToken)){
            sb.append("Accesstoken=").append(accessToken).append("&");
        }
        sb.append("Appid=").append(appId);
        sb.append("&").append("Keyid=").append(keyId);
        sb.append("&").append("Nonce=").append(nonce);
        sb.append("&").append("Time=").append(time).append(appKey);

        String signStr = sb.toString().toLowerCase();
        try {
            return MD5_32(signStr);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    private static String MD5_32(String sourceStr) throws Exception {
        String result = "";

        try {
            byte[] b = md5(sourceStr.getBytes("UTF-8"));
            StringBuffer buf = new StringBuffer("");

            for(int offset = 0; offset < b.length; ++offset) {
                int i = b[offset];
                if (i < 0) {
                    i += 256;
                }

                if (i < 16) {
                    buf.append("0");
                }

                buf.append(Integer.toHexString(i));
            }

            result = buf.toString();
        } catch (NoSuchAlgorithmException var6) {
            var6.printStackTrace();
        }

        return result;
    }

    private static byte[] md5(byte[] bytes) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        md.update(bytes);
        return md.digest();
    }
}

Postman automatically generates signature method

1. Set global variables, create and configure Appid, Accesstoken, Keyid, AppKey, Time, Nonce, Sign, and fill in any value of Time, Nonce, and Sign (the script will be updated later);

   

2. Fill in the following script in the pre-request script of the request interface;

   

   var Appid = pm.globals.get("Appid")
   var Accesstoken = pm.globals.get("Accesstoken");
   var Keyid = pm.globals.get("Keyid");
   var AppKey = pm.globals.get("AppKey");
   var Time = Math.round(new Date().getTime());
   var Nonce = Math.round(new Date().getTime());
   
   var preSign = "";
   if (Accesstoken != null && Accesstoken != "" && Accesstoken != undefined) {
       preSign = "Accesstoken=" + Accesstoken + "&";
   }
   preSign = preSign + "Appid=" + Appid + "&" + "Keyid=" + Keyid + "&" + "Nonce=" + Nonce + "&" + "Time=" + Time + AppKey;
   var Sign= CryptoJS.MD5(preSign.toLowerCase()).toString();
   
   postman.setGlobalVariable("Sign", Sign);
   postman.setGlobalVariable("Time", Time);
   postman.setGlobalVariable("Nonce", Nonce);
   

3. Request Headers to use global variables;

Except that the accessToken needs to be updated in the global variables after it expires, the configuration of other variables does not need to be changed.