Interface authentication

All API interface calls must perform interface authentication, that is, add some request headers and request parameters (sig) to the http post request

Note: C7 Malaysia will provide two accounts. For authentication information, use the “User Center” account and password to query in [Docking Data Query] (../ data-query.md). Information for authentication The account Id is the account number.

1 Request header

Content-Type:application/json;charset=utf-8;
Authorization: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX;

  • Authorization is Header authentication information

Authorization value is Base64 encoded (account ID + colon + timestamp)

The account Id can be queried in [Docking Data Query] (../ data-query.md).

C7 Malaysia will provide two accounts, one is 8xxx @ xxx and the other is xxx. Docking data query uses all-letter account query.

E.g:N00000000556:20161013113612

After base64 encoding:TjAwMDAwMDAwNTU2OjIwMTYxMDEzMTEzNjEy

  • Colons are English colons
  • The timestamp is the current system time in the format "yyyyMMddHHmmss", which must be the same as the timestamp in the sig parameter.

2 Request parameters (sig)

E.g:

  • The URL must be followed by a sig parameter, such as sig=AAABBBCCCDDDEEEFFFGGG。

  • The sig value is 32-bit uppercase MD5 encryption (account ID + account APISecret + timestamp)

E.g: N00000000556secret20161013113612

md5 encryption is 88996D9907E0EE52C5DAF8EFFCC31CFC

  • Timestamp is the current system time, format is"yyyyMMddHHmmss".The timestamp is a 24-hour clock, such as:20140416142030,The validity period is 5 minutes, that is, the interface must be requested within 5 minutes after the sig is generated.

  • APISecret can query in [Docking Data Query] (../ data-query.md)

3 Request body

The request body data type is JSON. If the interface does not require it, it can be omitted.

E.g:{"_id":"22e25d60-809d-11e6-ad5a-b7e3030127fb"}

4 Scenario example

Requirements: Access to query customer data interface

E.g:

Customer account:N00000000556

current time:20161013164303

APISecret: 123456

Authorization: "TjAwMDAwMDAwNTU2OjIwMTYxMDEzMTY0MzAz"

sig:"AED8764EFF64286C14E1F26648FF140F"

Request method:POST

Request header:

Content-Type:application/json;charset=utf-8;
Authorization: TjAwMDAwMDAwNTU2OjIwMTYxMDEzMTY0MzAz;

Request body:

{"version":"201610100019"}

The request returned successfully:

Authentication failure returns:

{
    "message": "Forbidden",
    "code": 403
}

Authentication is successful, the request body parameters are returned incorrectly:

{
    "code": 400,
    "message": "please check your parameters"
}

Sample code: (Take the agent status interface as an example)

NodeJS sample code apiDemo/demo.js

JAVA sample code apiDemo/src/com/m7/restapi/demo/ApiDemo.java

php sample code moor.php