@@ -307,17 +307,57 @@ Signature: {signature}</code></pre>
<h2>2. 签名验证</h2>
<p>签名用于验证请求数据的完整性,防止数据被篡改。签名生成步骤:</p>
<ol>
- <li>将请求数据(JSON格式)按参数名升序排序</li>
+ <li>过滤请求参数:排除 <code>sign</code> 参数、<code>null</code> 值、空字符串、空数组、空对象</li>
+ <li>将过滤后的参数按参数名ASCII码升序排序</li>
+ <li>对字典或列表类型的值进行JSON序列化(<code>sort_keys=true</code>,<code>separators=(',', ':')</code>)</li>
+ <li>对每个参数值进行URL编码(<code>UTF-8</code>编码)</li>
<li>将排序后的参数拼接为字符串:<code>key1=value1&key2=value2</code></li>
<li>使用API Secret作为密钥,通过HMAC-SHA256算法生成签名</li>
<li>将签名添加到请求头 <code>Signature</code> 中</li>
</ol>
<h3>2.1 签名计算示例</h3>
- <pre><code># 签名计算方式
-# 1. 对请求体字典按参数名升序排序
-# 2. 拼接为 key1=value1&key2=value2 格式
-# 3. 使用HMAC-SHA256算法,密钥为API Secret
-# 4. 将计算结果作为Signature请求头的值</code></pre>
+ <pre><code># 原始请求数据
+{
+ "account_book_id": "123456",
+ "amount": 100.00,
+ "payee_info": {
+ "identity_type": "ALIPAY_ACCOUNT",
+ "name": "张三",
+ "identity": "zhangsan@example.com"
+ },
+ "sign": "不需要参与签名",
+ "empty_param": "",
+ "null_param": null
+}
+
+# 1. 过滤后(排除sign、空字符串、null)
+{
+ "account_book_id": "123456",
+ "amount": 100.00,
+ "payee_info": {
+ "identity_type": "ALIPAY_ACCOUNT",
+ "name": "张三",
+ "identity": "zhangsan@example.com"
+ }
+}
+
+# 2. 按参数名升序排序
+account_book_id, amount, payee_info
+
+# 3. JSON序列化嵌套对象
+payee_info={"identity":"zhangsan@example.com","identity_type":"ALIPAY_ACCOUNT","name":"张三"}
+
+# 4. URL编码(处理中文)
+name=%E5%BC%A0%E4%B8%89
+
+# 5. 拼接字符串
+account_book_id=123456&amount=100.0&payee_info=%7B%22identity%22%3A%22zhangsan%40example.com%22%2C%22identity_type%22%3A%22ALIPAY_ACCOUNT%22%2C%22name%22%3A%22%E5%BC%A0%E4%B8%89%22%7D
+
+# 6. HMAC-SHA256签名(密钥为API Secret)
+signature = HMAC-SHA256(api_secret, sign_str)
+
+# 7. 请求头中添加签名
+Signature: {signature}</code></pre>
</div>
<div v-else-if="activeSection === 'notes'" class="section-content">
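Review bot: the worked example in this hunk does not match its own procedure in two places. Step 4 shows `name=%E5%BC%A0%E4%B8%89` as if `name` were a top-level parameter, but `name` only exists inside `payee_info`, so in step 5 it is encoded as part of the serialized JSON (`%22name%22%3A%22%E5%BC%A0%E4%B8%89%22`); replace the step 4 line with the URL-encoded `payee_info` value, or mark it as illustrative only. Step 5 also turns `"amount": 100.00` into `amount=100.0` without any rule saying how non-string scalars are stringified; a client that renders the float as `100`, `100.0` or `100.00` produces a different HMAC and receives the 401 documented in the notes, so either define the number formatting or require `amount` as a decimal string. Two more details need pinning down for the signature to be reproducible across languages: the JSON serialization in step 3 must state `ensure_ascii=false` (the example keeps raw `张三`, whereas a default `json.dumps` emits `\u5f20\u4e09`), and the URL-encoding variant must be stated (the example encodes `@` as `%40` and `,` as `%2C`, i.e. only unreserved characters are left alone, and whether a space becomes `%20` or `+` is not said). Finally, the signed string consists only of the filtered body fields: if no timestamp or nonce header is covered by the HMAC, the docs should say how a resubmitted copy of a captured request is handled, since the signature alone cannot distinguish it from the first submission.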
@@ -326,7 +366,9 @@ Signature: {signature}</code></pre>
<li>API Key和Secret请妥善保管,不要泄露给他人</li>
<li>签名验证是<strong>必填</strong>的,未带签名或签名错误将返回401</li>
<li>签名使用HMAC-SHA256算法,密钥为API Secret</li>
- <li>签名对象是请求体字典排序后的键值对字符串(key1=value1&key2=value2)</li>
+ <li>签名计算前会自动过滤:<code>sign</code>参数、<code>null</code>值、空字符串、空数组、空对象</li>
+ <li>嵌套对象(如<code>payee_info</code>)会先进行JSON序列化再参与签名</li>
+ <li>参数值会进行URL编码(UTF-8),确保中文字符正确处理</li>
<li>定期更新API Key,建议每3-6个月更换一次</li>
<li>如发现API Key泄露,请立即禁用并重新生成</li>
<li>API Key有过期时间,请在过期前及时更新</li>
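Review bot: the first added item says the filtering happens `自动` (automatically), which reads as if the server strips `sign`, `null`, empty strings, empty arrays and empty objects on the caller's behalf; the caller has to apply exactly the same filter before computing its own HMAC, otherwise the two signatures diverge and the request gets the 401 mentioned three items up, so phrase it as a rule both sides follow. Because the removed item documented the old canonical string (plain sorted `key=value` pairs, no filtering, no encoding), this list should also state whether the server still accepts signatures computed the old way during a migration window, or from which version the new rules are mandatory; existing integrations will otherwise start receiving 401 with no hint as to why. The URL-encoding item should name the variant (which characters stay unencoded, `%20` versus `+`) and the JSON item should spell out `sort_keys=true`, the compact separators and `ensure_ascii=false`, so that the notes agree with section 2.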