APP Authentication Method

  • Access through the open platform application method (APP method, a more secure way)

  • How to obtain: Go to the user center (https://simpletex.net/user/center), after enabling the open platform function, you can create it in the "Application List" menu. After creation, you will receive the APP ID and APP Secret for the new application. Note that the APP Secret is important sensitive information and is only displayed once. If lost, please recreate the application.

  • Request method:

  • The authentication method for open platform applications requires signing the POST uploaded data (i.e., form key-value pairs, parameters in the non-binary file part). The signature algorithm process is as follows:

    (1) Generate a 16-character random string (numbers and uppercase/lowercase letters), and place it in the random-str field of the header

    (2) Get the current timestamp and place it in the timestamp field of the header (accurate to the second is sufficient)

    (3) Put the current APP ID information in the app-id field of the header

    (4) Take out other keys from the data, and sort the keys based on string order (from a-z, ascending), connect each key and its corresponding field information through &, such as key1=xxx&key2=xxx&...&keyn=xxx (the random-str, timestamp, and app-id fields from steps 1-3 also need to be added to this string)

    (5) Add the APP Secret information to the end of the string generated in step 4 via &secret=xxx (ignoring the key sorting order), becoming key1=xxx&key2=xxx&...&keyn=xxx&secret=xxx

    (6) Sign the string obtained in the previous step using the MD5 signature algorithm, and get its string expression (32 characters in length)

    (7) Place this signature string in the header, with the field name sign

    (8) The final header format for authentication should be

    header={
    "app-id":xxx,
    "random-str":xxx,
    "timestamp":xxx,
    "sign":xxx
}

    (Note that the APP Secret information should not be included anywhere else in the business request. This information is only used to generate the signature to prove legitimate identity and does not need to be included in the request body)

    (9) At this point, the preparation of information required for APP authentication is complete

    (10) Example

    • Original data information: use_batch=True (In this example we use the one shown below)
    {
  "use_batch"=True
}
    • Obtain other required information:
    {
   'timestamp': '1675550577',
   'random-str': 'mSkYSY28N4WkvidB',
   'app-id': '19X4f10YM1Va894nvFl89ikY',  // For testing purposes only
}
    • The APP Secret in this example is fu4Wfmna4153DFN12ctBsPqgVI3vvGGK, so the string to be signed can be calculated as (fields sorted as app-id, random-str, use_batch, secret): app-id=19X4f10YM1Va894nvFl89ikY&random-str=mSkYSY28N4WkvidB&timestamp=1675550577&use_batch=True&secret=fu4Wfmna4153DFN12ctBsPqgVI3vvGGK
    • Using the MD5 algorithm to calculate the signature, we get 5f271e1deccd95d467c7dd430ca2c8b1 (you can use the website (http://tool.pfan.cn/md5) for testing, or search for online MD5)
    • The final header information is:
    {
  'timestamp': '1675550577',
  'random-str': 'mSkYSY28N4WkvidB',
  'app-id': '19X4f10YM1Va894nvFl89ikY',
  'sign': '5f271e1deccd95d467c7dd430ca2c8b1'
}
Last Updated::