Verify Message Authenticity
第1行: | 第1行: | ||
− | + | When developers use event pushing service for the first time, it need a check to build the connection with the weibo server; the weibo server send a get quest to the developer’s url, the check parameters are as follow: | |
{| border="1" cellspacing="0" cellpadding="0" width="100%" class="parameters" style="border-color:#CCCCCC;" | {| border="1" cellspacing="0" cellpadding="0" width="100%" class="parameters" style="border-color:#CCCCCC;" | ||
|- | |- | ||
− | !width="20%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"| | + | !width="20%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"|Parameters |
− | !width="10%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"| | + | !width="10%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"|Parameter type |
− | !width="70%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"| | + | !width="70%" style="text-align:left;padding-left:5px;font-weight:bolder;border:1px solid #cccccc"|Parameter instructions |
− | {{rdes_args|signature|string| | + | {{rdes_args|signature|string|Weibo encrypted signature, the signature combine the appsecret given by developers and the timestamp in the quest.}} |
− | {{rdes_args|timestamp|string| | + | {{rdes_args|timestamp|string|timestamp}} |
− | {{rdes_args|nonce|string| | + | {{rdes_args|nonce|string|random number}} |
− | {{rdes_args|echostr|string| | + | {{rdes_args|echostr|string|Random string}} |
|} | |} | ||
− | + | The encrypt role of the signature parameter: sort appsecret、timestamp、nonce by dict, joint them to one string and then encrypt the string by sha1; after the developers receive the quest, it will use the encrypted signature to check the authenticity of the request, if the request came from the weibo server, it will establish the first connection by return the echostr parameter, or ,the connection will failed. | |
− | + | Every weibo pushing event will carry on three parameters: signature、timestamp、nonce after the first connection. Developers also can check the authenticity by the signature parameter. The check method is same to the first connection. |
2014年8月6日 (三) 18:03的最后版本
When developers use event pushing service for the first time, it need a check to build the connection with the weibo server; the weibo server send a get quest to the developer’s url, the check parameters are as follow:
Parameters | Parameter type | Parameter instructions |
---|---|---|
signature | string | Weibo encrypted signature, the signature combine the appsecret given by developers and the timestamp in the quest. |
timestamp | string | timestamp |
nonce | string | random number |
echostr | string | Random string |
The encrypt role of the signature parameter: sort appsecret、timestamp、nonce by dict, joint them to one string and then encrypt the string by sha1; after the developers receive the quest, it will use the encrypted signature to check the authenticity of the request, if the request came from the weibo server, it will establish the first connection by return the echostr parameter, or ,the connection will failed.
Every weibo pushing event will carry on three parameters: signature、timestamp、nonce after the first connection. Developers also can check the authenticity by the signature parameter. The check method is same to the first connection.