Overview
This document describes the signature authentication methods of Tencent Push Notification Service.
The HMAC-SHA256 algorithm is used to generate signing information according to SecretKey
. The authentication is performed by verifying the signature, which ensures higher security and is recommended.
Parameter description
Parameter |
Description |
AccessId |
Application ID assigned by the Tencent Push Notification Service backend, which can be obtained in Configuration Management > Basic Configuration in the Tencent Push Notification Service console |
SecretKey |
SecretKey assigned by the Tencent Push Notification Service backend, which corresponds to AccessId and can be obtained in Configuration Management > Basic Configuration in the Tencent Push Notification Service console |
Sign |
API signature |
TimeStamp |
Request timestamp in seconds |
Signature Generation Method
- Concatenate the request timestamp +
AccessId
+ request body to get the original string to sign:
String to sign = ${TimeStamp} + ${AccessId}} + ${request body}
- Use
SecretKey
as the key to sign the original string to generate a signature:
Sign = Base64(HMAC_SHA256(SecretKey, string to sign))
HTTP Request Description
In addition to the general headers, the HTTP request also needs to carry the current request timestamp, AccessId
, and Sign
information. The specific parameters are as follows:
Parameter in Header |
Description |
Required |
Sign |
Request signature |
Yes |
AccessId |
Application ID |
Yes |
TimeStamp |
Request timestamp |
Yes |
The specific HTTP request message is as follows:
POST /v3/push/app HTTP/1.1
Host: api.tpns.tencent.com
Content-Type: application/json
AccessId: 1500001048
TimeStamp: 1565314789
Sign: Y2QyMDc3NDY4MmJmNzhiZmRiNDNlMTdkMWQ1ZDU2YjNlNWI3ODlhMTY3MGZjMTUyN2VmNTRjNjVkMmQ3Yjc2ZA==
{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }
Signature Generation Sample
- Generate the string to sign as follows:
String to encrypt = 15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }
Note:
The ${request body}
in the string to sign must be exactly the same as the data in the message body, including spaces and encoding.
Generate a hexadecimal hash based on the key through the HMAC-SHA256 algorithm, i.e., secretKey =1452fcebae9f3115ba794fb0fff2fd73
in the sample.
hashcode = hmac-sha256(SecretKey, string to sign)
Result: hashcode="09f07d2a518a8814e369dcd9534f10b8a29d128531a19adaa28cb247605c1e84"
Base64-encode the hashcode to get the following signature string:
Sign=Base64(hashcode)
Sign="MDlmMDdkMmE1MThhODgxNGUzNjlkY2Q5NTM0ZjEwYjhhMjlkMTI4NTMxYTE5YWRhYTI4Y2IyNDc2MDVjMWU4NA=="
Signature Code Samples in Various Languages
import hmac
import base64
from hashlib import sha256
s = '15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }'
key = '1452fcebae9f3115ba794fb0fff2fd73'
hashcode = hmac.new(key, s, digestmod=sha256).hexdigest()
print base64.b64encode(hashcode)
import hmac
import base64
from hashlib import sha256
s = '15653147891500001048{"audience_type": "account","message": {"title": "test title","content": "test content","android": { "action": {"action_type": 3,"intent": "xgscheme://com.xg.push/notify_detail?param1=xg"}}},"message_type": "notify","account_list": ["5822f0eee44c3625ef0000bb"] }'
key = '1452fcebae9f3115ba794fb0fff2fd73'
hashcode = hmac.new(bytes(key, "utf-8"), bytes(s, "utf-8"),
digestmod=sha256).hexdigest()
print(base64.b64encode(bytes(hashcode, "utf-8")))
package com.tencent.xg;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
public class SignTest {
public static void main(String[] args) {
try {
String stringToSign = "15653147891500001048{\"audience_type\": \"account\",\"platform\": \"android\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"5822f0eee44c3625ef0000bb\"] }";
String appSecret = "1452fcebae9f3115ba794fb0fff2fd73";
Mac mac;
mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(appSecret.getBytes("UTF-8"), "HmacSHA256"));
byte[] signatureBytes = mac.doFinal(stringToSign.getBytes("UTF-8"));
String hexStr = Hex.encodeHexString(signatureBytes);
String signature = Base64.encodeBase64String(hexStr.getBytes());
System.out.println(signature);
} catch (NoSuchAlgorithmException | InvalidKeyException | UnsupportedEncodingException e) {
e.printStackTrace();
}
}
}
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"testing"
)
func TestSign(t *testing.T) {
requestBody := "15653147891500001048{\"audience_type\": \"account\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"5822f0eee44c3625ef0000bb\"] }"
secretKey := "1452fcebae9f3115ba794fb0fff2fd73"
h := hmac.New(sha256.New, []byte(secretKey))
h.Write([]byte(requestBody))
sha := hex.EncodeToString(h.Sum(nil))
sign := base64.StdEncoding.EncodeToString([]byte(sha))
println(sign)
}
using System;
using System.Security.Cryptography;
using System.Text;
namespace tpns_server_sdk_cs
{
class GenSign {
static public void Main(String[] args)
{
string reqBody =
"{\"audience_type\": \"account\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"234\"] }";
string genSign = GenSign.genSign("1621307510", "1500004469", reqBody, "2b1163d904bd5f82dcf82dcf82dc4407");
Console.WriteLine(genSign);
}
public static string HmacSHA256(string key, string data)
{
string hash;
Byte[] code = System.Text.Encoding.UTF8.GetBytes(key);
using (HMACSHA256 hmac = new HMACSHA256(code))
{
Byte[] d = System.Text.Encoding.UTF8.GetBytes(data);
Byte[] hmBytes = hmac.ComputeHash(d);
hash = ToHexString(hmBytes);
}
return hash;
}
public static string ToHexString(byte[] array)
{
StringBuilder hex = new StringBuilder(array.Length * 2);
foreach (byte b in array)
{
hex.AppendFormat("{0:x2}", b);
}
return hex.ToString();
}
public static string genSign(string timeStampStr, string accessId, string requestBody, string keySecret)
{
string data = timeStampStr + accessId + requestBody;
string hash = HmacSHA256(keySecret, data);
string sign = Base64Encode(hash);
Console.WriteLine("timeStampStr: " + timeStampStr + " accessId:" + accessId + " requestBody" + requestBody + " keySecret:" + keySecret);
return sign;
}
public static string Base64Encode(string plainText) {
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
return System.Convert.ToBase64String(plainTextBytes);
}
}
}
<?php
$accessId = "1500001048";
$secretKey = "1452fcebae9f3115ba794fb0fff2fd73";
$timeStamp = "1565314789";
$requestBody = "{\"audience_type\": \"account\",\"message\": {\"title\": \"test title\",\"content\": \"test content\",\"android\": { \"action\": {\"action_type\": 3,\"intent\": \"xgscheme://com.xg.push/notify_detail?param1=xg\"}}},\"message_type\": \"notify\",\"account_list\": [\"5822f0eee44c3625ef0000bb\"] }";
$hashData = "{$timeStamp}{$accessId}{$requestBody}";
echo "reqBody: " . $hashData . "\n";
$hashRes = hash_hmac("sha256", $hashData, $secretKey, false);
$sign = base64_encode($hashRes);
echo $sign . "\n";
?>
Was this page helpful?