Token Algorithm
Token consists of multiple parameters, as shown below:
| Name | Type | Required or not | Parameter Description | Parameter Example |
|---|---|---|---|---|
| version | string | Yes | Parameter group version number, date format, currently only supporting “2018-10- 31” | 2018-10-31 |
| res | string | Yes | Access resources resource format: parent resource class/parent resource ID/child resource class/child resource ID See information about res usage scenarios | products/123123 products/123123/devices/mqs/osndf09nand9f21390 |
| et | int | Yes | Access expiration time expirationTime, unix time When the et time in an access parameter is earlier than the current time, the access parameter is considered expired and the access is refused. | 1537255523 represents: Beijing Time 2018-09-15:25:23 |
| method | string | Yes | Signature method signatureMethod supports md5, sha1 and sha256. | sha256 |
| sign | string | Yes | Signature result string signature |
Special instructions about token parameters:
Information about Res Usage Scenarios
The usage scenarios are as follows:
| Scenario | res Parameter Format | Examples |
|---|---|---|
| API Access | products/{pid} | products/123123 |
| Device Connection | products/{pid}/devices/{device_name} | products/123123/devices/m |
Sign-signature algorithm
An algorithm for generating parameter sign is as follows:
sign = base64(hmac_<method>(base64decode(accessKey), utf-8(StringForSignature)))
Where:
accessKey is the unique access secret key allocated by OneNET for independent resources (e.g. products). It participates in signature computation as one of the signature algorithm parameters. In order to ensure access security, please keep it properly.
A base64decode operation should be performed before accessKey participates in computation.
The composition order of the string StringForSignature used for calculating signature is in accordance with the parameter name separated by '/n', and the current version is sorted in the following order: et, method, res, version.
StringForSignature is constituted as follows:
StringForSignature = et + '\n' + method + '\n' + res+ '\n' + version
Note: Each parameter is incorporated in a key=value format, but only value participates in computing the components of the signature string StringForSignature. If token parameter is as follows:
et = 1537255523
method = sha1
res = products/123123
version = 2018-10-31
Then the string used to calculate a signature, StringForSignature, is (in the order of et, method, res and version).
StringForSignature = "1537255523" + "\n" + "sha1"+ "\n" + "products/123123"+ "\n" + "2018-10-31"
After sign is computed, each parameter is expressed in the form of key=value, using '&' as a separator, as illustrated below:
version=2018-10-31&res=products/123123&et=1537255523&method=sha1&sign=ZjA1NzZlMmMxYzIOTg3MjBzNjYTI2MjA4Yw=
Parameter Coding
Token value in the form of key=value requires URL encoding, and the special symbols to be encoded are as follows:
| No. | Symbol | Encode |
|---|---|---|
| 1 | + | %2B |
| 2 | Space | %20 |
| 3 | / | %2F |
| 4 | ? | %3F |
| 5 | % | %25 |
| 6 | # | %23 |
| 7 | & | %26 |
| 8 | = | %3D |
After coding, the actually transmitted token in the above example is:
version=2018-10-31&res=products%2F123123&et=1537255523&method=sha1&sign=ZjA1NzZlMmMxYzIOTg3MjBzNjYTI2MjA4Yw%3D