Signature algorithm

更新时间：2022/02/25 访问次数：287

Aliexpress Open Platform verifies the identity of each API request, and the server will also verify whether the call parameters are valid. Therefore, each HTTP request must contain the signature information. The requests with invalid signature will be rejected.

Aliexpress Open Platform verifies the identity of the requests by the App Key and Secret that are assigned to your application. The App Secret is used to generate the signature string in the HTTP request URL and server-side signature string. It must be kept strictly confidential.

If you compose HTTP request manually (instead of using the official SDK), you need to understand the following signature algorithm.

The process of generating the signature is as follows:

Sort all request parameters (including system and application parameters, but except the “sign” and parameters with byte array type.Please do not ignore the request parameter in the API path!And the key is just the word in the API path) according to the parameter name in ASCII table. For example:

Before sort: foo=1, bar=2, foo_bar=3, foobar=4
After sort: bar=2, foo=1, foo_bar=3, foobar=4

Concatenate the sorted parameters and their values into a string. For example:

bar2foo1foo_bar3foobar4

Add the API name in front of the concatenated string. For example, adding the API name “/test/api”:

/test/apibar2foo1foo_bar3foobar4

Encode the concatenated string in UTF-8 format and make a digest by the signature algorithm (using HMAC_SHA256). For example:

hmac_sha256(/test/apibar2foo1foo_bar3foobar4)

Convert the digest to hexadecimal format. For example:

hex("helloworld".getBytes("utf-8")) = "68656C6C6F776F726C64"

Sample code for JAVA

FAQ

关于此文档暂时还没有FAQ

有用(0) 我要提问

开放平台

AliExpress开放平台

Signature algorithm

FAQ