Verify Message Authenticity
(以“==验证消息真实性== 在开发者首次使用事件推送服务时,需要先通过一次校验来和微博服务器建立首次连接;微博服务器发送G...”为内容创建页面) |
|||
(未显示1个用户的1个中间版本) | |||
第1行: | 第1行: | ||
− | + | When developers use event pushing service for the first time, it need a check to build the connection with the weibo server; the weibo server send a get quest to the developer’s url, the check parameters are as follow: | |
− | + | ||
{| border="1" cellspacing="0" cellpadding="0" width="100%" class="parameters" style="border-color:#CCCCCC;" | {| border="1" cellspacing="0" cellpadding="0" width="100%" class="parameters" style="border-color:#CCCCCC;" | ||
|- | |- | ||
− | !width="20%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"| | + | !width="20%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"|Parameters |
− | !width="10%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"| | + | !width="10%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"|Parameter type |
− | !width="70%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"| | + | !width="70%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"|Parameter instructions |
− | {{rdes_args|signature|string| | + | {{rdes_args|signature|string|Weibo encrypted signature, the signature combine the appsecret given by developers and the timestamp in the quest.}} |
− | {{rdes_args|timestamp|string| | + | {{rdes_args|timestamp|string|timestamp}} |
− | {{rdes_args|nonce|string| | + | {{rdes_args|nonce|string|random number}} |
− | {{rdes_args|echostr|string| | + | {{rdes_args|echostr|string|Random string}} |
|} | |} | ||
− | + | The encrypt role of the signature parameter: sort appsecret、timestamp、nonce by dict, joint them to one string and then encrypt the string by sha1; after the developers receive the quest, it will use the encrypted signature to check the authenticity of the request, if the request came from the weibo server, it will establish the first connection by return the echostr parameter, or ,the connection will failed. | |
− | + | Every weibo pushing event will carry on three parameters: signature、timestamp、nonce after the first connection. Developers also can check the authenticity by the signature parameter. The check method is same to the first connection. |
2014年8月6日 (三) 18:03的最后版本
When developers use event pushing service for the first time, it need a check to build the connection with the weibo server; the weibo server send a get quest to the developer’s url, the check parameters are as follow:
Parameters | Parameter type | Parameter instructions |
---|---|---|
signature | string | Weibo encrypted signature, the signature combine the appsecret given by developers and the timestamp in the quest. |
timestamp | string | timestamp |
nonce | string | random number |
echostr | string | Random string |
The encrypt role of the signature parameter: sort appsecret、timestamp、nonce by dict, joint them to one string and then encrypt the string by sha1; after the developers receive the quest, it will use the encrypted signature to check the authenticity of the request, if the request came from the weibo server, it will establish the first connection by return the echostr parameter, or ,the connection will failed.
Every weibo pushing event will carry on three parameters: signature、timestamp、nonce after the first connection. Developers also can check the authenticity by the signature parameter. The check method is same to the first connection.