Obtaining the signature used by the JS interface (the parameter is named signature).
Server:
1. Obtain the access_token.
Note: access_token is the globally unique ticket of the public account. It is required whenever the public account calls any interface.
Developers need to store it properly, and the storage for access_token must reserve at least 512 characters.
access_token is currently valid for 2 hours and needs to be refreshed regularly.
Fetching it again invalidates the previous access_token.
The validity period of access_token is given by the returned expires_in value, which is currently within 7200 seconds.
The central control server needs to refresh the access_token in advance, based on the validity period.
Method:
1) The public account can use its AppID and AppSecret to call this interface and obtain the access_token.
AppID and AppSecret are available on the Developer Center page of the public platform's official website.
(You must be a developer and the account must not be in an abnormal state.)
2) HTTP request method:
GET: https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET
3) Return description: normally, the following JSON data packet is returned to the public account:
{"access_token": "ACCESS_TOKEN", "expires_in": 7200}
4) Cache the obtained access_token value for less than 7200 seconds.
2. Get jsapi_ticket
Note: jsapi_ticket is a temporary ticket used by the public account to call the JS interface.
Under normal circumstances, jsapi_ticket is valid for 7200 seconds and is obtained through access_token.
Method:
1) Obtain jsapi_ticket with an HTTP GET request (it is valid for 7200 seconds, and developers must cache jsapi_ticket globally in their own services).
2) HTTP request method:
GET: https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=jsapi
3) Return description: the returned result is as follows:
{
"errcode": 0,
"errmsg": "ok",
"ticket": "bxLdikRXVbTPdHSM05e5u5sUoXNKd8-41ZO3MhKoyN5OfkWITDGgnr2fwJ0m9E8NYzWKVZvdVtaUgWvsdshFKA",
"expires_in": 7200
}
4) Cache the obtained jsapi_ticket value for less than 7200 seconds.
3. Generate a signature
Note: The signature generation rules are as follows.
The fields involved in the signature are noncestr (random string), a valid jsapi_ticket, timestamp, and url.
Sort all parameters to be signed in ascending (lexicographic) order by the ASCII code of their field names,
then concatenate them in URL key-value format (that is, key1=value1&key2=value2...) into string1.
Note that all parameter names are lowercase.
Compute the SHA-1 hash of string1; field names and field values are used as their original values, without URL escaping.
Method:
1) Sort all parameters to be signed in ascending (lexicographic) order by the ASCII code of their field names, and then concatenate them in URL key-value format
(that is, key1=value1&key2=value2...) into string1:
jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg&noncestr=Wm3WZYTPz0wzccnW&timestamp=1414587457&url=http://mp.weixin.qq.com
2) Compute the SHA-1 hash of string1 to obtain the signature: f4d90daf4b3bca3078ab155816175ba34c443a7b
You can use Apache's commons-codec toolkit. Its DigestUtils class provides SHA digest methods that can be called directly.
3) Cache all the parameter values required by the wx.config interface (namely signature, noncestr, timestamp) for less than 7200 seconds.
Note:
1) The noncestr and timestamp used for the signature must be the same as the nonceStr and timestamp passed to wx.config.
2) The signed url must be the complete URL of the page that calls the JS interface.
3) For security reasons, developers must implement the signature logic on the server side.
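
The server-side flow above (cache the ticket, build string1, hash it) as an added Python sketch; it is not code from the original page. The names ExpiringCache, build_string1 and sign_for_wx_config, the 300-second refresh margin and the fetch callable are assumptions, and the fetch is a constructed stand-in, so nothing here touches the network.

```python
import hashlib
import secrets
import time


class ExpiringCache:
    """Holds one credential (access_token or jsapi_ticket) and refetches it early."""

    def __init__(self, fetch, margin=300, clock=time.time):
        self._fetch = fetch    # hypothetical callable returning (value, expires_in)
        self._margin = margin  # assumed safety margin, in seconds
        self._clock = clock
        self._value, self._expires_at = None, 0.0

    def get(self):
        # Refetch only when nothing is cached or the early-refresh point has passed.
        if self._value is None or self._clock() >= self._expires_at:
            self._value, expires_in = self._fetch()
            self._expires_at = self._clock() + expires_in - self._margin
        return self._value


def build_string1(params):
    # Sort by field name (ASCII order) and join as key=value with '&'.
    # Names are lowercase and values are used as-is, with no URL escaping.
    return "&".join(f"{name}={params[name]}" for name in sorted(params))


def sign_for_wx_config(jsapi_ticket, url, noncestr=None, timestamp=None):
    noncestr = noncestr or secrets.token_hex(8)
    timestamp = int(time.time()) if timestamp is None else int(timestamp)
    string1 = build_string1({
        "url": url,
        "timestamp": timestamp,
        "noncestr": noncestr,
        "jsapi_ticket": jsapi_ticket,
    })
    signature = hashlib.sha1(string1.encode("utf-8")).hexdigest()
    # Only these values go to the page; the ticket itself stays on the server.
    return {"nonceStr": noncestr, "timestamp": timestamp, "signature": signature}


if __name__ == "__main__":
    # Constructed stand-in for the getticket call; no network access.
    tickets = ExpiringCache(lambda: ("CONSTRUCTED_TICKET", 7200))
    print(sign_for_wx_config(tickets.get(), "http://mp.weixin.qq.com"))
```

The same ExpiringCache can wrap the access_token fetch, so that repeated requests do not invalidate a token that is still in use.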