Sign Requests(Old Version)

Last Updated on : 2022-04-14 03:28:04download

When you call an API operation of the cloud development, you must provide a signature to verify your identity. This topic describes how to generate a signature in a call.

Signature algorithm

Tuya Smart uses HMAC-SHA256 to create a message digest. Different signature algorithms are used in the following types of API operations: token management operations and service management operations.

Signature algorithm for token management operations

  • Scope of application: operations that are used to get or refresh tokens.

  • Signature algorithm: sign = HMAC-SHA256(client_id + t, secret).toUpperCase()

  • Procedure to sign a request:

    1. Concatenate the value of client_id and the 13-digit standard timestamp of the specified request to create a string.
    2. Create a hash digest value based on the string and the value of secret. Encode the hash digest value into a new string.
    3. Capitalize all letters of the new string.

Signature algorithm for service management operations

  • Scope of application: operations that are used to manage services rather than tokens.
  • Signature algorithm: sign = HMAC-SHA256(client_id + access_token + t, secret).toUpperCase()
  • Procedure to sign a request:
    1. Concatenate the value of client_id, access_token, and the 13-digit standard timestamp of the specified request to create a string.
    2. Create a hash digest value based on the string and the value of secret. Encode the hash digest value into a new string.
    3. Capitalize all letters of the new string.

Signature examples

Parameters

Parameter Value
client_id 1KAD46OrT9HafiKdsXeg
secret 4OHBOnWOqaEC1mWXOpVL3yV50s0qGSRC
t 1588925778000
access_token 3f4eda2bdec17232f67c0b188af3eec1

Signature algorithm for token management operations

  1. Create a string-to-sign.
    1KAD46OrT9HafiKdsXeg1588925778000

  2. Create a hash digest value based on the string and the value of secret. Encode the hash digest value into a new string.

    • Hash digest value: HMAC-SHA256(1KAD46OrT9HafiKdsXeg1588925778000,4OHBOnWOqaEC1mWXOpVL3yV50s0qGSRC)
    • New string: ceaafb5ccdc2f723a9fd3e91d3d2238ee0dd9a6d7c3c365deb50fc2af277aa83
  3. Capitalize all letters of the new string.
    CEAAFB5CCDC2F723A9FD3E91D3D2238EE0DD9A6D7C3C365DEB50FC2AF277AA83

Signature algorithm for service management operations

  1. Create a string-to-sign.
    1KAD46OrT9HafiKdsXeg3f4eda2bdec17232f67c0b188af3eec11588925778000

  2. Create a hash digest value based on the string and the value of secret. Encode the hash digest value into a new string.

    • Hash digest value: HMAC-SHA256(1KAD46OrT9HafiKdsXeg3f4eda2bdec17232f67c0b188af3eec11588925778000,4OHBOnWOqaEC1mWXOpVL3yV50s0qGSRC)

    • New string: 36c30e300f226b68add014dd1ef56a81edb7b7a817840485769b9d6c96d0faa1

  3. Capitalize all letters of the new string.
    36C30E300F226B68ADD014DD1EF56A81EDB7B7A817840485769B9D6C96D0FAA1

Implement the HMAC SHA256 authentication scheme

Javascript

/**
Run the code online with this jsfiddle. Dependent upon an open source js library calledhttp://code.google.com/p/crypto-js/.
**/

<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/hmac-sha256.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/enc-base64.min.js"></script>

<script>
  var hash = CryptoJS.HmacSHA256("Message", "secret");
  var hashInBase64 = hash.toString().toUpperCase();
  document.write(hashInBase64);
</script>

PHP

/**
PHP has built in methods for hash_hmac (PHP 5) and base64_encode (PHP 4, PHP 5) resulting in no outside dependencies. Say what you want about PHP but they have the cleanest code for this example.
**/

$s = strtoupper(hash_hmac("sha256", "Message", 'secret'));
echo var_dump($s);

Java

/**
Dependent on Apache Commons Codec to encode in base64.
**/

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class ApiSecurityExample {
  public static void main(String[] args) {
    try {
     String secret = "secret";
     String message = "Message";

     Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
     SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
     sha256_HMAC.init(secret_key);

      byte[] bytes = sha256_HMAC.doFinal(message.getBytes());
     String hash = new HexBinaryAdapter().marshal(bytes).toUpperCase();
     System.out.println(hash);
    }
    catch (Exception e){
     System.out.println("Error");
    }
   }
}

C#

using System;
using System.Security.Cryptography;

namespace Test
{
  public class MyHmac
  {
    public static string Encrypt(string message, string secret)
            {
                secret = secret ?? "";
                var encoding = new System.Text.UTF8Encoding();
                byte[] keyByte = encoding.GetBytes(secret);
                byte[] messageBytes = encoding.GetBytes(message);
                using (var hmacsha256 = new HMACSHA256(keyByte))
                {
                    byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
                    StringBuilder builder = new StringBuilder();
                    for (int i = 0; i < hashmessage.Length; i++)
                    {
                        builder.Append(hashmessage[i].ToString("x2"));
                    }
                    return builder.ToString().ToUpper();
                }
            }
  }
}