Basic Settings Guide

跳转到: 导航, 搜索

API Guides for the Developers

The document specially explains how to get access to the Developing Mode in the Weibo Fans Service Platform.

Step #1: Apply for the Message API

Developers of the media, the companies and the single certified users can apply for the message API. Go to Management Center, Fans Service , Advanced Feature, and open Edit Mode / Developing Mode.

The developers need to provide the URL and APPKEY after selecting the Developing Mode. The URL is used to get the messages from the Weibo server side and the APPKEY is the Key given by Weibo to prove that you are the certified developer to develop service for Weibo. The App secret is used as a signature and will be verified with the signature in the URL to prevent security issues when requesting data.

Step #2: Verify the URL

The developers need to build the first connection with the Weibo server end via a verification process when using the event push service. After submitting the needed information, Weibo server will send the GET request to the URL provided by the developers, including 4 parameters.

field type remark
signature string an encryption Weibo signature combining the appsecret,the timestamp

parameter and the nounce parameter

timestamp string timestamp
nonce string random
echostr string Random strings

Having checked the encrypted signature and the parameters, the developers need to send back the original echostr parameters to the Weibo server to build the first connection. Otherwise, the first connection is failed to build.

The encryption rule for the signature:

Get the appsecret,timestamp,nonce in alphabetical order and encrypt them in the sha1 form: appsercret=xyz123xyz timestamp=1397022061823 nonce=57155157 The result: The jointed strings:139702206182357155157xyz123xyz Sha1 encryption:90e4c22c90a58f26526c2dd5b6c56c8822edeaa1 Url verification sample: http://yoururl?nonce=57155157&timestamp=1397022061823&echostr=dnPdpTZz85&signature=90e4c22c90a58f26526c2dd5b6c56c8822edeaa1 The url is verified if the callback is the echostr,dnPdpTZz85 in the sample.


function checkSignature() {
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];	
	$appsecret= appsecret;  //开发者的appsecret
	$tmpArr = array($appsecret, $timestamp, $nonce);
	sort($tmpArr, SORT_STRING);
	$tmpStr = implode( $tmpArr );
	$tmpStr = sha1( $tmpStr );
	if( $tmpStr == $signature ){
		return true;
		return false;




Step #3: Get the access_token to become the Service Developers

After the URL verification, the access is approved,and since then, the request messages will be pushed to the users each time they send messages to the verified accounts, or click the self-refined menus. Besides,all event push later will include the 3 parameters, signature、timestamp and nonce, and the developers can verify the signature to judge the truth of the message the same way as before. Until now, the Fans Service Platform supports 80 APIs. After the URL verification,the Fans Service Platform will also send back an access_token as below: Please note that receiving message and sending passive message don’t need the access_token while some other APIs in the developer’s mode such as the sending the passive response message need the access_token parameter as a verification

More information about the access_token::

Appendix: Long Connection Mode

Besides the above push service, we also provide the long connection mode with the same features but different access process. The Long Connection Mode is different in that the 3rd party developers need to build the connection request themselves, not waiting for the GET request from the Weibo server end. The 3rd party developers get more decision-making power and pay more attention to the developing work.

If you are interested in the Long Connection Mode, you may take the following documents as a reference.

文档更新时间: 2014-08-06