Signature Authentication (Recommended)

Last updated: 2021-08-16 11:28:07

    Overview

    This document describes the signature authentication methods of TPNS.

    The HMAC-SHA256 algorithm is used to generate signing information according to SecretKey. The authentication is performed by verifying the signature, which ensures higher security and is recommended.

    Parameter description

    Parameter Description
    AccessId Application ID assigned by the TPNS backend, which can be obtained in Configuration Management > Basic Configuration in the TPNS console
    SecretKey SecretKey assigned by the TPNS backend, which corresponds to AccessId and can be obtained in Configuration Management > Basic Configuration in the TPNS console
    Sign API signature
    TimeStamp Request timestamp

    Signature Generation Method

    1. Concatenate the request timestamp + AccessId + request body to get the original string to sign:
      String to sign = ${TimeStamp} + ${AccessId}} + ${request body}
    2. Use SecretKey as the key to sign the original string to generate a signature:
      Sign = Base64(HMAC_SHA256(SecretKey, string to sign))

    HTTP Request Description

    In addition to the general headers, the HTTP request also needs to carry the current request timestamp, AccessId, and Sign information. The specific parameters are as follows:

    Parameter in Header Description Required
    Sign Request signature Yes
    AccessId Application ID Yes
    TimeStamp Request timestamp Yes

    The specific HTTP request message is as follows:

    POST /v3/push/app HTTP/1.1
    Host: api.tpns.tencent.com
    Content-Type: application/json
    AccessId: 1500001048
    TimeStamp: 1565314789
    Sign: Y2QyMDc3NDY4MmJmNzhiZmRiNDNlMTdkMWQ1ZDU2YjNlNWI3ODlhMTY3MGZjMTUyN2VmNTRjNjVkMmQ3Yjc2ZA==
    {"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }
    

    Signature Generation Sample

    1. Generate the string to sign as follows:
      String to encrypt = 15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }
      
      Note:

      The ${request body} in the string to sign must be exactly the same as the data in the message body, including spaces and encoding.

    2. Generate a hexadecimal hash based on the key through the HMAC-SHA256 algorithm, i.e., secretKey =1452fcebae9f3115ba794fb0fff2fd73 in the sample.
      hashcode = hmac-sha256(SecretKey, string to sign)
      Result: hashcode="cd20774682bf78bfdb43e17d1d5d56b3e5b789a1670fc1527ef54c65d2d7b76d"
      
    3. Base64-encode the hashcode to get the following signature string:
      Sign=Base64(hashcode)
      Sign="Y2QyMDc3NDY4MmJmNzhiZmRiNDNlMTdkMWQ1ZDU2YjNlNWI3ODlhMTY3MGZjMTUyN2VmNTRjNjVkMmQ3Yjc2ZA=="
      

    Signature Code Samples in Various Languages

    #!/usr/bin/env python
    import hmac
    import base64
    from hashlib import sha256

    s = '15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }'
    key = '1452fcebae9f3115ba794fb0fff2fd73'
    hashcode = hmac.new(key, s, digestmod=sha256).hexdigest()
    print base64.b64encode(hashcode)