当前位置:网站首页>Common misconceptions in Tencent conference API - signature error_ code 200003

Common misconceptions in Tencent conference API - signature error_ code 200003

2022-06-24 08:32:00 liquid

The signature error is that the developer is accessing API Very common mistakes in the process , If you are using PHP perhaps Java, Suggestions are based on the demo Code To transform , This problem can be basically avoided . Common signature errors are code implementation errors 、 Call mode error and other errors , Here's how to explain , It also introduces a simple method to verify the signature .

Common errors in signature code :

The official website provides the signature implementation of various programming languages , It can basically meet the needs of most background development . For the implementation of other languages, use Go Take language as an example to explain the points needing attention , The signature code is as follows :

/**
 *  Generate signature 
 *
 * @param secretId  Sent by email secret_id
 * @param secretKey  Sent by email secret_key
 * @param httpMethod http Request method  GET/POST/PUT etc. 
 * @param headerNonce X-TC-Nonce Request header , random number 
 * @param headerTimestamp X-TC-Timestamp Request header , The second timestamp of the current time 
 * @param requestUri  request uri,eg:/v1/meetings
 * @param requestBody  Request body , None is set as empty string 
 * @return  Signature , It needs to be set in the request header X-TC-Signature in 
 */
func DoSignature(secretId string, secretKey string, httpMethod string, headerNonce string, headerTimestamp string, requestUri string, requestBody string) string {
    //1、 Series connection Header Parameters 
    headSignStr := fmt.Sprintf("X-TC-Key=%s&X-TC-Nonce=%s&X-TC-Timestamp=%s",
         secretId, headerNonce, headerTimestamp)
    //2、 Group signature string 
    signStr := fmt.Sprintf("%s\n%s\n%s\n%s", httpMethod, headSignStr, requestUri, requestBody)
    //3、 Calculate signature 
    h := hmac.New(sha256.New, []byte(secretKey))
    h.Write([]byte(signStr))
    sha := hex.EncodeToString(h.Sum([]byte{}))
    //4、Base64 code 
    signBase64 := base64.StdEncoding.EncodeToString([]byte(sha))
    return signBase64
}

According to the website , We can know that the signature is divided into 4 Step by step :1、 Series connection Header Parameters ;2、 Group signature string ;3、SHA256 Calculate signature ;4、Base64 code .

Common code errors mainly include 3 individual :

  1. Series connection Header Parameters are not arranged in ascending dictionary order . It is recommended to concatenate... Directly in the order of the parameters in the sample code Header Parameters .
  2. During commissioning , Yes GET Method signature , Because the message body is empty , The first 2 A new line character is missing in the step group signature string ( Altogether 3 individual ), The calculation signature is incorrect . So it doesn't matter requestBody Whether it is empty or not, we need to pass in this parameter , It is a space-time transmission empty string .
  3. The developer forgot to do the 4 Step by step Base64 transcoding .

Common mistakes in usage :

  1. When signing secretId and secretKey These two parameters are written inversely .
  2. Take creating a conference interface as an example , Delivered requestUri Parameter is https://api.meeting.qq.com/v1/meetings, actual requestUri Does not contain the previous domain name , Pass on /v1/meetings That's all right. .
  3. http Header parameters X-TC-Key by secretId, Wrong writing secretKey.
  4. http There is no... In the header parameter SdkId.
  5. The message body passed when signing requestBody Inconsistent with the actual transmission , It is common to fill in the message body manually json The string makes the two sides different , It is recommended to directly convert the structure into json strand .

Other mistakes :

  1. Call when the request content is all in English OK, When the signature is in Chinese, an error is reported . In this case, the coding format needs to be modified to utf-8 .
  2. The above error is modified as utf-8 After that, it still reports an error , This is usually the case http The reason for the plug-in is . The specific reason is that the plug-in has made Unicode code , But when calculating the signature, there is no , This leads to the signature error . In this case, priority should be given to upgrading http Plug in solution , If it cannot be modified for special reasons http plug-in unit , When calculating the signature , Make the Chinese characters in the passed message body parameters Unicode transformation , Then use the converted String to participate in the signature calculation , In this way, the message body encoding used for signature calculation is consistent with the actual transmission . Specific conversion code (Java) as follows :
public static String chineseToUnicode(String str) {
    String result = "";
    for (int i = 0; i < str.length(); i++) {
        int chr1 = (char)str.charAt(i);
        //  The range of Chinese characters  \u4e00 - \u9fa5
        if (chr1 >= 19968 && chr1 <= 171941) {
            result += "\\u" + Integer.toHexString(chr1);
        } else {
            result += str.charAt(i);
        }
    }
    return result;
}

Signature verification method :

It is impossible to confirm whether the signature is correct by sending a request to the server before completing the interface development , Therefore, it is necessary to use the Developer tools To verify our signature algorithm . For the sake of simplicity , When verifying the signature algorithm, we use the GET Method , With Adoption of the meeting ID Inquire about This interface is an example of how to use .

1. Fill in the account information

2. Fill in the request parameters

3. Generate signature

Fill in the parameters according to the following figure and click Generate current timestamp , Generate a random number and Get signature button .

4. Get signature parameters and results for code verification

Click send request , Then obtain the parameters used for signing and the signing results at the following original request , Then put the same parameters into your signature code to verify . Be careful not to double-click the copy signature result directly in the above request header interface , You'll miss the last two “=” The result of signature calculation is different .

原网站

版权声明
本文为[liquid]所创,转载请带上原文链接,感谢
https://yzsam.com/2021/06/20210624170440217r.html