Skip to main content
Signature Generation
1. Initialize Configuration and Parameters
2. Integrate signature parameters
3. Sort and Concatenate Parameters
4. Calculate Request Body MD5
5. Construct the Sign String
6. Encode the Sign String
7. Generate the Signature
Python
1  import hmac
2  import hashlib
3  import json
4  import uuid
5  from datetime import datetime, timezone
6  from urllib.parse import quote
7  import base64
8

9  # Initialize Configuration and Parameters
10  optional_api_endpoint = "<api_endpoint>"
11  app_key = "<your_app_key>"
12  app_secret = "<your_app_secret>"
13

14  # Request URI
15  uri = '/openapi/account/list'
16

17  # Signature Header
18  headers = {
19      'x-app-key': app_key,
20      'x-signature-algorithm': 'HMAC-SHA1',
21      'x-signature-version': '1.0',
22      'x-signature-nonce': uuid.uuid4().hex,
23      'x-timestamp': datetime.now(timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ'),
24      'host': optional_api_endpoint,
25      'Content-Type': 'application/json'
26  }
27

28  query_params = {
29  }
30

31  body_params = {
32  }
33

34

35  def generate_signature(uri, query_params, body_params, headers, app_secret):
36      query_params = query_params or {}
37      # Integrate signature parameters
38      params_dict = query_params.copy()
39      # Parameters in the Signature Header excluding the x-signature parameter.
40      params_dict.update({
41          'x-app-key': headers['x-app-key'],
42          'x-signature-algorithm': headers['x-signature-algorithm'],
43          'x-signature-version': headers['x-signature-version'],
44          'x-signature-nonce': headers['x-signature-nonce'],
45          'x-timestamp': headers['x-timestamp'],
46          'host': headers['host']
47      })
48

49      # Sort the dictionary from small to large according to the parameter's key
50      sorted_params = sorted(params_dict.items())
51      # Concatenate the sorted parameters into a string
52      param_string = '&'.join([f"{k}={v}" for k, v in sorted_params])
53

54      # Calculate the MD5 of the request body (if any)
55      body_md5 = ""
56      if body_params:
57          body_json = json.dumps(body_params, ensure_ascii=False, separators=(',', ':'))
58          body_md5 = hashlib.md5(body_json.encode()).hexdigest().upper()
59

60      # Build the sign string
61      sign_string = f"{uri}&{param_string}{'&' + body_md5 if body_md5 else ''}"
62

63      # Encode Request Elements
64      encoded_sign_string = quote(sign_string, safe='')
65

66      # Generating Signature
67      # base64(HMAC-SHA1(Part 1 + "&", Part 2))
68      secret = f"{app_secret}&"
69      signature = hmac.new(
70          secret.encode(),
71          encoded_sign_string.encode(),
72          hashlib.sha1
73      ).digest()
74

75      sign_string = base64.b64encode(signature).decode('utf-8')
76      print(f"Signature: {sign_string}")
77      return sign_string
78
Signature Generation
The hash is calculated using the HMAC-SHA1 algorithm and a secret key, then base64-encoded to obtain the final signature, which is used for identity authentication and tamper-proof verification of API requests.
7 Steps
Create and verify token
Get started quickly: set up credentials, configure order details, generate a signature, place your first order.
5 Steps
Place your first order
Get started quickly: set up credentials, configure order details, generate a signature, place your first order.
7 Steps