When a device initiates an HTTP/HTTPS request to the platform, the request message should contain the signature information (X-TC-Signature) for requester identity verification.
Sample device request message:
curl -X POST https://ap-guangzhou.gateway.tencentdevices.com/device/register \
-H "Content-Type: application/json; charset=utf-8" \
-H "X-TC-Algorithm: hmacsha256" \
-H "X-TC-Timestamp: 155****065" \
-H "X-TC-Nonce: 5456" \
-H "X-TC-Signature: 2230eefd229f582d8b1b891af****b91597240707d778ab3738f756258d7652c" \
-d '{"ProductId":"ASJ****GX","DeviceName":"xyz"}'
StringToSign =
HTTPRequestMethod + \n +
CanonicalHost + \n +
CanonicalURI + \n +
CanonicalQueryString + \n +
Algorithm + \n +
RequestTimestamp + \n +
Nonce + \n +
HashedCanonicalRequest
Parameter | Description |
---|---|
HTTPRequestMethod | HTTP request method. POST is supported |
CanonicalHost | Host address of the HTTP request |
CanonicalURI | URI of the HTTP request; for example, the URI of https://ap-guangzhou.gateway.tencentdevices.com/device/register is /device/register |
CanonicalQueryString | Query string in the URL of the initiated HTTP request, which is always an empty string "" for POST requests |
Algorithm | Signature algorithm. Currently, HMACSHA256 and HMACSHA1 are supported |
RequestTimestamp | Request timestamp |
Nonce | Random number |
HashedCanonicalRequest | Hash value of the request body, which is calculated by SHA256 hashing the HTTP request body, performing hexadecimal encoding, and then converting the encoded string to lowercase letters |
According to the above rules, the canonical signature string obtained in the sample is as follows:
POST
ap-guangzhou.gateway.tencentdevices.com
/device/register
hmacsha256
155****065
5456
35e9c5b0e3ae67532d3c9f17ead6c902226****b1ff7f6e89887f1398934f064
Signature = Base64_Encode(HMAC_SHA256(SignSecret, StringToSign))
Parameter | Description |
---|---|
SignSecret | Signature key. `ProductSecret` is used for dynamic registration, and `psk` is used for devices to publish messages or report logs |
StringToSign | String to sign |
Signature = Base64_Encode(RSA_SHA256(PrivateKey, StringToSign))
Parameter | Description |
---|---|
PrivateKey | Certificate private key. Device X.509 private key certificate is used for devices to publish messages or report logs |
StringToSign | String to sign |
Based on the signature string obtained above, the final complete request is as follows:
POST https://ap-guangzhou.gateway.tencentdevices.com/devregister
Content-Type: application/json
Host: ap-guangzhou.gateway.tencentdevices.com
X-TC-Algorithm: HmacSha256
X-TC-Timestamp: 155****065
X-TC-Nonce: 5456
X-TC-Signature: 2230eefd229f582d8b1b891af71****1597240707d778ab3738f756258d7652c
{"ProductId":"ASJ****GX","DeviceName":"xyz"}
Below is the sample code in Python 3:
import hashlib
import random
import time
import hmac
import base64
if __name__ == '__main__':
sign_format = '%s\n%s\n%s\n%s\n%s\n%d\n%d\n%s'
url_format = '%s://ap-guangzhou.gateway.tencentdevices.com/device/register'
request_format = "{\"ProductId\":\"%s\",\"DeviceName\":\"%s\"}"
device_name = 'dev***'
product_id = 'JCZ****KXS'
product_secret = 'X42fPqw********94cY5sQ1Y'
request_text = request_format % (product_id, device_name)
request_hash = hashlib.sha256(request_text.encode("utf-8")).hexdigest()
nonce = random.randrange(2147483647)
timestamp = int(time.time())
sign_content = sign_format % (
"POST", "ap-guangzhou.gateway.tencentdevices.com",
"/device/register", "", "hmacsha256", timestamp,
nonce, request_hash)
print("\nsign_content: \n" + sign_content)
sign_base64 = base64.b64encode(hmac.new(product_secret.encode("utf-8"),
sign_content.encode("utf-8"), hashlib.sha256).digest())
print("sign_base64: " + str(sign_base64))
Was this page helpful?