API调用方法API call method
2.1调用流程Call process
根据POP的协议:填充参数 > 生成签名 > 拼装HTTP请求 > 发起HTTP请求> 得到HTTP响应 > 解释json结果。
2.11 使用分配的appId和appSecret,到服务器获取token (有效期24小时)。
2.12将所有参数(注意是所有参数,包括token,timestamp,nonce等,除去sign本身,MD5加密,全部大写,生成sign签名。(参考签名方法)。
2.13 参数带上sign,请求服务器。
According to the POP protocol: fill parameters > generate signature > assemble HTTP request > initiate HTTP request > get HTTP response > interpret json result.
2.11 Use the assigned appId and appSecret to get the token from the server (valid for 24 hours ).
2.12 All parameters (note that all parameters, including token, timestamp, nonce, etc., except the sign itself, MD5 encryption, all uppercase, generate the sign signature. (Refer to the signature method) .
2.13 Bring sign to the parameter and request the server.
2.2调用说明Calling instructions
2.21调用API时,必须传入系统级公共参数。
系统级公共输入参数:
字段 | 类型 | 是否必须 | 描述 |
appId | String | 是 | 应用的app_key |
token | String | 是 | 授权token获取方式见下 |
timestamp | String | 是 | 毫秒时间戳,格式:1564468040249,误差6分钟内(相同时区) |
nonce | String | 是 | 业务流水号(保持唯一,便于跟踪查询) |
sign | String | 是 | 签名(签名方法见下) |
method | String | 是 | 业务API接口名称 |
2.21 When calling an API, you must input system-level public parameters.
System-level public input parameters:
field | type | Is it necessary | describe |
appId | String | Yes | app_key of the application |
token | String | Yes | The method of obtaining authorization token is as follows |
timestamp | String | Yes | Millisecond timestamp, format: 1564468040249, within 6 minutes (same time zone) |
nonce | String | Yes | Business serial number (keep it unique for easy tracking and query) |
sign | String | Yes | Signature (see below for signature method) |
method | String | Yes | Business API interface name |
2.22应用级别输入参数
API调用除了必须包含公共参数外,如果API本身有业务级的参数也必须传入,每个API的业务级参数请考API文档说明。
字段 | 类型 | 是否必须 | 描述 |
data |
2.22 Application level input parameters
In addition to the public parameters that must be included in the API call, if the API itself has business-level parameters, it must also be inputed. Please refer to the API documentation for the business-level parameters of each API.
field | type | Is it necessary | describe |
data |
2.3签名算法Signature Algorithm
签名参数sign生成的方法
第1步: 将所有参数(注意是所有参数),除去值是空的参数和sign本身,按参数名首字母升序排序。
第2步: 然后把排序后的参数按参数1=值1参数2=值2…参数n=值n(这里的参数和值必须是采用utf-8进行URL编码)的方式拼接成一个字符串。
第3步: 把分配给接入方的签名密钥secret拼接在第2步得到的字符串后面。
第4步: 在上一步得到的字符串然后计算md5值,得到32位字符串,然后转成大写,得到的字符串作为sign的值
The method generated by the signature parameter sign
Step 1: Sort all parameters (note all parameters), excluding parameters whose value is empty and sign itself, in ascending order by the first letter of the parameter name .
Step 2: Then splicing the sorted parameters into a string in the manner of parameter 1=value 1 parameter 2=value 2...parameter n=value n (the parameters and values here must be URL encoded by utf-8 ) .
Step 3: Concatenate the signature key secret assigned to the access party to the string obtained in Step 2.
Step 4: The string obtained in the previous step and then calculate the md5 value to get a 32-bit string, then convert it to uppercase, and the obtained string is used as the value of sign
2.4请求入口地址Request entry address
正式环境:https://open.thisshop.com
Formal environment: https://open.thisshop.com
Test environment: http://t.tft.link:9081
2.5授权token获取Authorization token acquisition
接口名称 | 授权token获取 |
功能描述 | 您的应用需要取得用户的授权,即获取访问用户数据的授权令牌 token |
访问路径 | /api/oauth/access/token |
数据格式 | json |
请求方式 | post |
请求参数 | 字段类型是否必填说明appIdString是应用IDappSecretString是应用密钥timestampString是毫秒时间戳,如:1564468040249,误差6分钟内(相同时区)
|
请求示例报文 | { |
返回报文 | 成功返回: { 异常返回: { |
注意事项:
token有效期为24小时,每次请求获取token值都不一样,同等有效。
interface name | Authorization token acquisition |
Function description | Your application needs to obtain authorization from the user, that is, to obtain the authorization token token for accessing user data |
access path | /api/oauth/access/token |
Data Format | json |
request method | post |
request parameters | fieldtypeIs it requiredillustrateappIdStringYesApp IDappSecretStringYesapplication keytimestampStringYesMillisecond timestamp, such as: 1564468040249, within 6 minutes (same time zone)
|
Request sample message | { |
return message | returns successfully: { Exception returns: { |
Precautions:
The token is valid in 24 hours, and the token value obtained by each request is different, and it is equally valid.
2.6授权token有效性校验Authorization token validity verification
接口名称 | 授权token有效性校验 |
功能描述 | 校验token是否有效 |
访问路径 | /api/oauth/token/check |
数据格式 | json |
请求方式 | post |
请求参数 | 字段类型是否必填说明appIdString是应用IDappSecretString是应用密钥timestampString是毫秒时间戳,如:1564468040249,误差6分钟内(相同时区)tokenString是授权token
|
返回参数 | 字段类型说明enabledStringy:有效n:无效restTimeStirng剩余有效时间,单位为秒,仅有效时返回
|
请求示例报文 | { |
返回报文 |
interface name | Authorization token validity check |
Function description | Check if the token is valid |
access path | /api/oauth/token/check |
Data Format | json |
request method | post |
request parameters | fieldtypeIs it requiredillustrateappIdStringYesApp IDappSecretStringYesapplication keytimestampStringYesMillisecond timestamp, such as: 1564468040249, within 6 minutes (same time zone)tokenStringYesauthorization token
|
return parameter | fieldtypeillustrateenabledStringy: validn: invalidrestTimeStirngRemaining valid time, in seconds, returns only when valid
|
Request sample message | { |
return message |
