Signature Algorithm

IoT Hub

Release Notes and Announcements

Product Introduction

Getting Started

Scenario 1: Device Interconnection

Overview

Console Operation Steps

Device-Side Operation Steps

Scenario 2: Device Status Reporting and Setting

Scenario Overview

Device Status Reporting

Device Temperature Setting

MQTT.fx Connection Guide

Console Guide

Developer Manual

Device Connection Manual

Device Connection Overview

Connection Based on SDK for C

SDK for C Download

SDK for C Cross-Platform Porting

Overview

FreeRTOS + lwIP Platform Porting Description

MCU + Universal TCP_AT Module Porting (FreeRTOS)

MCU + Universal TCP_AT Module Porting (nonOS)

SDK for C Connection Description

SDK for C Use Instructions

Usage Overview

Compilation Configuration Description

Compilation Environment (Linux and Windows)

Getting Started with MQTT

API and Variable Parameter Description

Device Information Storage

Connection Based on SDK for Android

SDK for Android Release Notes

SDK for Android Project Configuration

SDK for Android Use Instructions

Connection Based on SDK for Java

SDK for Java Release Notes

SDK for Java Project Configuration

SDK for Java Use Instructions

Connection Based on SDK for Python

Python SDK Release Notes

SDK for Python Project Configuration

SDK for Python Use Instructions

API Documentation

FAQs

General

Device Connection and Reporting

Rule Engine

Console

IoT Hub Policy

Data Privacy And Security Agreement

Glossary

DocumentationIoT HubDeveloper ManualSignature Algorithm

Signature Algorithm

Download PDF

Last updated: 2024-12-27 15:44:26

Signature Algorithm

Last updated: 2024-12-27 15:44:26

Download PDF

Overview
When a device initiates an HTTP/HTTPS request to the platform, the request message should contain the signature information (X-TC-Signature) for requester identity verification.
Signing Steps
Sample device request message:
curl -X POST https://ap-guangzhou.gateway.tencentdevices.com/device/register \
-H "Content-Type: application/json; charset=utf-8" \
-H "X-TC-Algorithm: hmacsha256" \
-H "X-TC-Timestamp: 155****065" \
-H "X-TC-Nonce: 5456" \
-H "X-TC-Signature: 2230eefd229f582d8b1b891af****b91597240707d778ab3738f756258d7652c" \
-d '{"ProductId":"ASJ****GX","DeviceName":"xyz"}' 
1. Concatenate the string to sign
StringToSign =
    HTTPRequestMethod + \n +
    CanonicalHost + \n + 
    CanonicalURI + \n + 
    CanonicalQueryString + \n + 
    Algorithm + \n +
    RequestTimestamp + \n +
       Nonce + \n +
    HashedCanonicalRequest
Parameter
Description
HTTPRequestMethod
HTTP request method. POST is supported
CanonicalHost
Host address of the HTTP request
CanonicalURI
URI of the HTTP request; for example, the URI of https://ap-guangzhou.gateway.tencentdevices.com/device/register is /device/register
CanonicalQueryString
Query string in the URL of the initiated HTTP request, which is always an empty string "" for POST requests
Algorithm
Signature algorithm. Currently, HMACSHA256 and HMACSHA1 are supported
RequestTimestamp
Request timestamp
Nonce
Random number
HashedCanonicalRequest
Hash value of the request body, which is calculated by SHA256 hashing the HTTP request body, performing hexadecimal encoding, and then converting the encoded string to lowercase letters
According to the above rules, the canonical signature string obtained in the sample is as follows:
POST
ap-guangzhou.gateway.tencentdevices.com
/device/register
﻿
hmacsha256
155****065
5456
35e9c5b0e3ae67532d3c9f17ead6c902226****b1ff7f6e89887f1398934f064
﻿
2. Calculate the signature
The pseudo code for using key signatures, including product-level keys and device-level keys, is as follows:
Signature = Base64_Encode(HMAC_SHA256(SignSecret, StringToSign))
Parameter
Description
SignSecret
Signature key. `ProductSecret` is used for dynamic registration, and `psk` is used for devices to publish messages or report logs
StringToSign
String to sign
The pseudo code for using certificate signatures is as follows:
Signature = Base64_Encode(RSA_SHA256(PrivateKey, StringToSign))
Parameter
Description
PrivateKey
Certificate private key. Device X.509 private key certificate is used for devices to publish messages or report logs
StringToSign
String to sign
3. Assemble the request message
Based on the signature string obtained above, the final complete request is as follows:
POST https://ap-guangzhou.gateway.tencentdevices.com/devregister
Content-Type: application/json
Host: ap-guangzhou.gateway.tencentdevices.com
X-TC-Algorithm: HmacSha256
X-TC-Timestamp: 155****065
X-TC-Nonce: 5456
X-TC-Signature: 2230eefd229f582d8b1b891af71****1597240707d778ab3738f756258d7652c
﻿
﻿
{"ProductId":"ASJ****GX","DeviceName":"xyz"}
Sample Code
Below is the sample code in Python 3:
import hashlib
import random
import time
import hmac
import base64
﻿
if __name__ == '__main__':
    sign_format = '%s\n%s\n%s\n%s\n%s\n%d\n%d\n%s'
    url_format = '%s://ap-guangzhou.gateway.tencentdevices.com/device/register'
    request_format = "{\"ProductId\":\"%s\",\"DeviceName\":\"%s\"}"
device_name = 'dev***'
product_id = 'JCZ****KXS'
product_secret = 'X42fPqw********94cY5sQ1Y'
﻿
request_text = request_format % (product_id, device_name)
request_hash = hashlib.sha256(request_text.encode("utf-8")).hexdigest()
﻿
nonce = random.randrange(2147483647)
timestamp = int(time.time())
sign_content = sign_format % (
    "POST", "ap-guangzhou.gateway.tencentdevices.com",
    "/device/register", "", "hmacsha256", timestamp,
    nonce, request_hash)
print("\nsign_content: \n" + sign_content)
﻿
sign_base64 = base64.b64encode(hmac.new(product_secret.encode("utf-8"),
                sign_content.encode("utf-8"), hashlib.sha256).digest())
﻿
print("sign_base64: " + str(sign_base64))
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Parameter	Description
HTTPRequestMethod	HTTP request method. POST is supported
CanonicalHost	Host address of the HTTP request
CanonicalURI	URI of the HTTP request; for example, the URI of `https://ap-guangzhou.gateway.tencentdevices.com/device/register` is `/device/register`
CanonicalQueryString	Query string in the URL of the initiated HTTP request, which is always an empty string `""` for POST requests
Algorithm	Signature algorithm. Currently, HMACSHA256 and HMACSHA1 are supported
RequestTimestamp	Request timestamp
Nonce	Random number
HashedCanonicalRequest	Hash value of the request body, which is calculated by SHA256 hashing the HTTP request body, performing hexadecimal encoding, and then converting the encoded string to lowercase letters

Parameter	Description
SignSecret	Signature key. `ProductSecret` is used for dynamic registration, and `psk` is used for devices to publish messages or report logs
StringToSign	String to sign

Parameter	Description
PrivateKey	Certificate private key. Device X.509 private key certificate is used for devices to publish messages or report logs
StringToSign	String to sign

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service free trial

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center

Key Management Service