WeChat js obtains the signature and js signature.

Source: Internet
Author: User
Tags sha1 encryption

Obtain the signature in js, and the signature in js is signature.

Server:

1. Obtain the js accessToken.

Note: access_token is the globally unique ticket of the public account. access_token is required when the Public Account calls each interface.
Developers need to properly store them. The storage of access_token must contain at least 512 characters.
Access_token is currently valid for 2 hours and needs to be refreshed regularly,
Repeated access will invalidate the last access_token.

Currently, the validity period of access_token is expressed by the returned expire_in. Currently, it is within 7200 seconds.
The central control server needs to refresh the new access_token in advance based on the validity period.

Method:
1) The public account can use AppID and AppSecret to call this interface to obtain the access_token.
AppID and AppSecret are available on the official website of the public platform-Developer Center page.
(You must be a developer and the account is not in an abnormal state)

2). http request method:
GET: https://api.weixin.qq.com/cgi-bin/token? Grant_type = client_credential & appid = APPID & secret = APPSECRET

3). Return Description: Normally, the following JSON data packet is returned to the public number:
{& Quot; access_token & quot;: & quot; ACCESS_TOKEN & quot;, & quot; expires_in & quot;: 7200}

4) Put the obtained accessToken value into the cache for less than 7200 seconds

2. Get jsapi_ticket

Note: jsapi_ticket is a temporary ticket used by the public account to call the JS interface.
Under normal circumstances, jsapi_ticket is valid for 7200 seconds and obtained through access_token.

Method:
1) GET jsapi_ticket through http GET (valid for 7200 seconds, developers must cache jsapi_ticket globally in their own services:
2) http Request Method:
GET: https://api.weixin.qq.com/cgi-bin/ticket/getticket? Access_token = ACCESS_TOKEN & type = jsapi

3) return Description: The returned result is as follows:
{
"Errcode": 0,
"Errmsg": "OK ",
"Ticket": "bxLdikRXVbTPdHSM05e5u5sUoXNKd8-41ZO3MhKoyN5OfkWITDGgnr2fwJ0m9E8NYzWKVZvdVtaUgWvsdshFKA ",
"Expires_in": 7200
}
4) Put the obtained jsapi_ticket value in the cache for less than 7200 seconds

3. Generate a signature

Note: The signature generation rules are as follows:
The fields involved in the signature include noncestr (random string ),
Valid jsapi_ticket,
Timestamp (timestamp ),
Url ).
After all parameters to be signed are sorted in ascending order (lexicographically) according to the ASCII code of field names,
Format of the URL key-Value Pair (that is, key1 = value1 & key2 = value2 ...) Concatenate the string into string1.
Note that all parameter names are lowercase characters.
Perform sha1 encryption on string1, and use original values for field names and field values without URL escaping.
Method:
1). Sort all parameters to be signed in ascending order (lexicographically) according to the ASCII code of field names, and then use the format of the URL key-Value Pair
(That is, key1 = value1 & key2 = value2 ...) Concatenate the string into string1:

Jsapi_ticket = sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg & noncestr = Wm3WZYTPz0wzccnW & timestamp = 1414587457 & url = http://mp.weixin.qq.com


2) Sign string1 sha1 to obtain signature: f4d90daf4b3bca3078ab155816175ba34c443a7b
Use the commons-codec toolkit of Apache. The DigestUtils class has the SHA encryption method which can be called directly ..

3). Put all the parameter values required by the wx. config interface into the cache (namely signature, noncestr, timestamp) for less than 7200 seconds.

Note:

1) noncestr and timestamp used for signature must be the same as nonceStr and timestamp in wx. config.
2) The signed url must be the complete URL of the page that calls the JS interface.
3) for security reasons, developers must implement the signature logic on the server side.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.