Verify Message Authenticity
When developers use the event push service for the first time, a check is needed to establish the connection with the Weibo server. The Weibo server sends a GET request to the developer's URL with the following check parameters:
Parameter | Type | Description |
---|---|---|
signature | string | Weibo signature; it combines the appsecret given by the developer and the timestamp in the request. |
timestamp | string | Timestamp |
nonce | string | Random number |
echostr | string | Random string |
How the signature parameter is computed: sort appsecret, timestamp and nonce in dictionary (lexicographic) order, join them into one string, and hash that string with SHA-1. When the developer receives the request, it uses the signature to check the authenticity of the request. If the request came from the Weibo server, the developer establishes the first connection by returning the echostr parameter; otherwise, the connection fails.
After the first connection, every Weibo push event carries three parameters: signature, timestamp and nonce. Developers can also check authenticity with the signature parameter. The check method is the same as for the first connection.
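The check described above, for both the first connection and later push events, as an added Python example (not Weibo's own code). The function names and sample values are hypothetical, and the UTF-8 input and lowercase hex digest encoding are assumptions the page does not state.

```python
import hashlib
import hmac

def expected_signature(app_secret: str, timestamp: str, nonce: str) -> str:
    """SHA-1 over appsecret, timestamp and nonce, sorted and then joined."""
    joined = "".join(sorted([app_secret, timestamp, nonce]))
    # Assumption: UTF-8 input and lowercase hex output; the page states neither.
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()

def is_authentic(app_secret: str, params: dict) -> bool:
    """Check signature, timestamp and nonce taken from a request's parameters."""
    try:
        signature = params["signature"]
        timestamp = params["timestamp"]
        nonce = params["nonce"]
    except KeyError:
        return False  # a missing parameter is treated as a failed check
    if not all(isinstance(v, str) for v in (signature, timestamp, nonce)):
        return False  # reject repeated or non-string parameter values
    expected = expected_signature(app_secret, timestamp, nonce)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected.encode(), signature.lower().encode())

def handle_first_connection(app_secret: str, params: dict):
    """First-connection GET: return echostr on success, None so the check fails."""
    if is_authentic(app_secret, params) and "echostr" in params:
        return params["echostr"]
    return None

# Constructed sample values, not real credentials or captured traffic.
SAMPLE_SECRET = "example-app-secret"
SAMPLE_PARAMS = {"timestamp": "1700000000", "nonce": "839201",
                 "echostr": "hello-echo"}
SAMPLE_PARAMS["signature"] = expected_signature(
    SAMPLE_SECRET, SAMPLE_PARAMS["timestamp"], SAMPLE_PARAMS["nonce"])

if __name__ == "__main__":
    print(handle_first_connection(SAMPLE_SECRET, SAMPLE_PARAMS))
    tampered = dict(SAMPLE_PARAMS, nonce="839202")
    print(handle_first_connection(SAMPLE_SECRET, tampered))
```

For push events after the first connection, call `is_authentic` on the three parameters before processing the event body.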