Signature Certification
Each operator will get a unique API "Key" and "secret". Between system server, need to do IP access control, only the specified ip can access.
Example: http://127.0.0.1:8080/operator/api/subAccountList.htm Parameter:
{
"coin":"BTC",
"opId":"op_test",
"params":"9Eh5QsxvvCttZwutPv60bVb8MXZpKrgE2J8ma-0UN997f0M7j3qeziH8pVgk7-tLHV1lC_k6O5j3W6A0HWmJL57d4YLNVV-JVl-d_sCOaDNkB3xdB-93X1jsG353A_AV",
"sign":"6CAD065DBB019EA9599CE658F1E9EAD45C5DFBDB22CE885A49923FC465EF6140"
}
Among them: params uses apiKey to encrypt。 sign will generate signature by secret using the data formed by "coinType + operatorId + params"
Return:
{
"code": "000000",
"data": {
"page": 1,
"pageSize": 10,
"rows": [],
"totalPage": 1,
"totalRecord": 0
},
"message": "ok"
}
Sample code:
public static void main(String[] args) throws Exception {
String apiUrl = "http://127.0.0.1/operator/api/poolBlockList.htm";
String apiKey = "253971edbf3447968ccee8346dd688df";
String apiSecret = "9f878355a1d04048b28275263a4bbe39";
Long nonce = System.currentTimeMillis();
Map<String, Object> record = new HashMap<String, Object>();
record.put("key", apiKey);
record.put("nonce", nonce);
record.put("page", 1);
record.put("pageSize", 10);
String result = requestApi(apiUrl, "BTC", JSONObject.toJSONString(record), apiSecret, apiKey);
System.out.println(result);
}
private static String requestApi(
String apiUrl,
String coinType,
String params,
String secret,
String apiKey
)
throws Exception {
String operatorId = "test";
String signData = coinType + operatorId + params;
Mac hmacSha256 = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
hmacSha256.init(secretKey);
String signature = Hex.encodeHexString(hmacSha256.doFinal(signData.getBytes())).toUpperCase();
Map<String, Object> map = new HashMap<String, Object>();
map.put("coin", coinType);
map.put("opId", operatorId);
map.put("sign", signature);
map.put("params", CodecUtils.AESEncode2Base64URLSafeString(params, apiKey));
return HttpUtil.post(apiUrl, "UTF-8", JSONObject.toJSONString(map));
}
import org.apache.commons.codec.binary.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
public class CodecUtils {
private static final String ENCODING = "UTF-8";
private static final String AES = "AES";
/**
*
*
* @param password
*
* @return
* @throws NoSuchAlgorithmException
*/
private static SecretKeySpec getKey(String password)
throws NoSuchAlgorithmException {
KeyGenerator kgen = KeyGenerator.getInstance(AES);
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.setSeed(password.getBytes());
kgen.init(128, random);
SecretKey secretKey = kgen.generateKey();
byte[] enCodeFormat = secretKey.getEncoded();
SecretKeySpec key = new SecretKeySpec(enCodeFormat, AES);
return key;
}
public static String AESEncode2Base64URLSafeString(String data,
String password) throws Exception {
Cipher cipher = Cipher.getInstance(AES);
byte[] byteContent = data.getBytes(ENCODING);
cipher.init(Cipher.ENCRYPT_MODE, getKey(password));
byte[] result = cipher.doFinal(byteContent);
return Base64.encodeBase64URLSafeString(result);
}
public static String AESDecodeByBase64URLSafeString(String data,
String password) throws Exception {
byte[] content = Base64.decodeBase64(data);
Cipher cipher = Cipher.getInstance(AES);
cipher.init(Cipher.DECRYPT_MODE, getKey(password));
byte[] result = cipher.doFinal(content);
return new String(result, ENCODING);
}
}