Overview
This document describes the signature authentication methods of Tencent Push Notification Service.
The HMAC-SHA256 algorithm is used to generate signing information according to SecretKey. The authentication is performed by verifying the signature, which ensures higher security and is recommended.
Parameter description
| Parameter |
Description |
| AccessId |
Application ID assigned by the Tencent Push Notification Service backend, which can be obtained in Configuration Management > Basic Configuration in the Tencent Push Notification Service console |
| SecretKey |
SecretKey assigned by the Tencent Push Notification Service backend, which corresponds to AccessId and can be obtained in Configuration Management > Basic Configuration in the Tencent Push Notification Service console |
| Sign |
API signature |
| TimeStamp |
Request timestamp in seconds |
Signature Generation Method
- Concatenate the request timestamp +
AccessId + request body to get the original string to sign:
String to sign = ${TimeStamp} + ${AccessId}} + ${request body}
- Use
SecretKey as the key to sign the original string to generate a signature:
Sign = Base64(HMAC_SHA256(SecretKey, string to sign))
HTTP Request Description
In addition to the general headers, the HTTP request also needs to carry the current request timestamp, AccessId, and Sign information. The specific parameters are as follows:
| Parameter in Header |
Description |
Required |
| Sign |
Request signature |
Yes |
| AccessId |
Application ID |
Yes |
| TimeStamp |
Request timestamp |
Yes |
The specific HTTP request message is as follows:
POST /v3/push/app HTTP/1.1
Host: api.tpns.tencent.com
Content-Type: application/json
AccessId: 1500001048
TimeStamp: 1565314789
Sign: Y2QyMDc3NDY4MmJmNzhiZmRiNDNlMTdkMWQ1ZDU2YjNlNWI3ODlhMTY3MGZjMTUyN2VmNTRjNjVkMmQ3Yjc2ZA==
{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }
Signature Generation Sample
- Generate the string to sign as follows:
String to encrypt = 15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }
Note:
The ${request body} in the string to sign must be exactly the same as the data in the message body, including spaces and encoding.
Generate a hexadecimal hash based on the key through the HMAC-SHA256 algorithm, i.e., secretKey =1452fcebae9f3115ba794fb0fff2fd73 in the sample.
hashcode = hmac-sha256(SecretKey, string to sign)
Result: hashcode="09f07d2a518a8814e369dcd9534f10b8a29d128531a19adaa28cb247605c1e84"
Base64-encode the hashcode to get the following signature string:
Sign=Base64(hashcode)
Sign="MDlmMDdkMmE1MThhODgxNGUzNjlkY2Q5NTM0ZjEwYjhhMjlkMTI4NTMxYTE5YWRhYTI4Y2IyNDc2MDVjMWU4NA=="
Signature Code Samples in Various Languages
import hmac
import base64
from hashlib import sha256
s = '15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }'
key = '1452fcebae9f3115ba794fb0fff2fd73'
hashcode = hmac.new(key, s, digestmod=sha256).hexdigest()
print base64.b64encode(hashcode)
import hmac
import base64
from hashlib import sha256
s = '15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }'
key = '1452fcebae9f3115ba794fb0fff2fd73'
hashcode = hmac.new(bytes(key, "utf-8"), bytes(s, "utf-8"),
digestmod=sha256).hexdigest()
print(base64.b64encode(bytes(hashcode, "utf-8")))
package com.tencent.xg;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
public class SignTest {
public static void main(String[] args) {
try {
String stringToSign = "15653147891500001048{\"audience_type\": \"account\",\"platform\": \"android\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"5822f0eee44c3625ef0000bb\"] }";
String appSecret = "1452fcebae9f3115ba794fb0fff2fd73";
Mac mac;
mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(appSecret.getBytes("UTF-8"), "HmacSHA256"));
byte[] signatureBytes = mac.doFinal(stringToSign.getBytes("UTF-8"));
String hexStr = Hex.encodeHexString(signatureBytes);
String signature = Base64.encodeBase64String(hexStr.getBytes());
System.out.println(signature);
} catch (NoSuchAlgorithmException | InvalidKeyException | UnsupportedEncodingException e) {
e.printStackTrace();
}
}
}
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"testing"
)
func TestSign(t *testing.T) {
requestBody := "15653147891500001048{\"audience_type\": \"account\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"5822f0eee44c3625ef0000bb\"] }"
secretKey := "1452fcebae9f3115ba794fb0fff2fd73"
h := hmac.New(sha256.New, []byte(secretKey))
h.Write([]byte(requestBody))
sha := hex.EncodeToString(h.Sum(nil))
sign := base64.StdEncoding.EncodeToString([]byte(sha))
println(sign)
}
using System;
using System.Security.Cryptography;
using System.Text;
namespace tpns_server_sdk_cs
{
class GenSign {
static public void Main(String[] args)
{
string reqBody =
"{\"audience_type\": \"account\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"234\"] }";
string genSign = GenSign.genSign("1621307510", "1500004469", reqBody, "2b1163d904bd5f82dcf82dcf82dc4407");
Console.WriteLine(genSign);
}
public static string HmacSHA256(string key, string data)
{
string hash;
Byte[] code = System.Text.Encoding.UTF8.GetBytes(key);
using (HMACSHA256 hmac = new HMACSHA256(code))
{
Byte[] d = System.Text.Encoding.UTF8.GetBytes(data);
Byte[] hmBytes = hmac.ComputeHash(d);
hash = ToHexString(hmBytes);
}
return hash;
}
public static string ToHexString(byte[] array)
{
StringBuilder hex = new StringBuilder(array.Length * 2);
foreach (byte b in array)
{
hex.AppendFormat("{0:x2}", b);
}
return hex.ToString();
}
public static string genSign(string timeStampStr, string accessId, string requestBody, string keySecret)
{
string data = timeStampStr + accessId + requestBody;
string hash = HmacSHA256(keySecret, data);
string sign = Base64Encode(hash);
Console.WriteLine("timeStampStr: " + timeStampStr + " accessId:" + accessId + " requestBody" + requestBody + " keySecret:" + keySecret);
return sign;
}
public static string Base64Encode(string plainText) {
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
return System.Convert.ToBase64String(plainTextBytes);
}
}
}
<?php
$accessId = "1500001048";
$secretKey = "1452fcebae9f3115ba794fb0fff2fd73";
$timeStamp = "1565314789";
$requestBody = "{\"audience_type\": \"account\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"5822f0eee44c3625ef0000bb\"] }";
$hashData = "{$timeStamp}{$accessId}{$requestBody}";
echo "reqBody: " . $hashData . "\n";
$hashRes = hash_hmac("sha256", $hashData, $secretKey, false);
$sign = base64_encode($hashRes);
echo $sign . "\n";
?>
Yes
No
Was this page helpful?