Verify Message Authenticity

跳转到: 导航, 搜索

When developers use event pushing service for the first time, it need a check to build the connection with the weibo server; the weibo server send a get quest to the developer’s url, the check parameters are as follow:


Parameters Parameter type Parameter instructions
signature string Weibo encrypted signature, the signature combine the appsecret given by developers and the timestamp in the quest.
timestamp string timestamp
nonce string random number
echostr string Random string


The encrypt role of the signature parameter: sort appsecret、timestamp、nonce by dict, joint them to one string and then encrypt the string by sha1; after the developers receive the quest, it will use the encrypted signature to check the authenticity of the request, if the request came from the weibo server, it will establish the first connection by return the echostr parameter, or ,the connection will failed.


Every weibo pushing event will carry on three parameters: signature、timestamp、nonce after the first connection. Developers also can check the authenticity by the signature parameter. The check method is same to the first connection.

文档更新时间: 2014-08-06