Handling API Signatures

API signatures are security mechanisms that verify request authenticity and integrity. This guide demonstrates how to automate signature generation in Apidog, eliminating the need to manually retrieve signatures for each request.

Signature Automation Strategy

Instead of manually accessing a signature endpoint before each request, use Apidog's scripting capabilities to:

Create a public script implementing signature logic

Automatically generate signatures using request parameters

Attach signatures to requests via scripts or environment variables

Reference the public script in API preprocessors

Implementation Approach

Method 1: Direct Script Modification

Add signature parameters and modify request information directly via scripts without using environment variables.

Advantages:

No environment variable management

Immediate parameter updates

Simpler configuration

Method 2: Environment Variables

Generate the signature and write it to an environment variable, then reference the variable in API parameters.

Advantages:

Reusable across multiple requests

Easier debugging and monitoring

Centralized signature management

Method 3: External Programs

For signatures implemented in other languages, use the dog.execute method to call external programs.

Example: MD5-Based Signature

Signature Generation Rules

Step 1: Build the parameter string

Collect all non-empty parameters into set M

Sort parameters by ASCII code in ascending order (dictionary order)

Concatenate parameters in URL key-value format: key1=value1&key2=value2...

Result: stringA

Important rules:

Sort parameter names by ASCII code in ascending order

Empty parameter values are excluded from the signature

Parameter names are case-sensitive

The sign parameter itself is excluded from the signature

Step 2: Generate the signature

Concatenate the key at the end of stringA to get stringSignTemp

Apply MD5 algorithm to stringSignTemp

Convert the result to uppercase to get signValue

Public Script Implementation

Example: Translation API Signature

Signature Generation Rules

Step 1: Concatenate the string

Concatenate the following values in order:

appid: Application ID

q: Text to be translated (UTF-8 encoding)

salt: Random number

key: Platform-assigned key (available in management console)

Result: appid + q + salt + key

Step 2: Generate the signature

Apply MD5 algorithm to the concatenated string to get a 32-bit lowercase signature.

Important notes:

Text to be translated (q) must be in UTF-8 encoding

When concatenating appid+q+salt+key, do NOT apply URL encoding to q

After the signature is generated, apply URL encoding to q before sending the HTTP request

Example Request

Public Script Implementation

Best Practices

Practice	Description
Use Environment Variables	Store sensitive keys in environment variables, not in scripts
Validate Parameters	Check for required parameters before generating signatures
Log for Debugging	Use `console.log()` to debug signature generation issues
Handle Edge Cases	Account for empty values, special characters, and encoding
Centralize Logic	Use public scripts to avoid duplicating signature logic
Test Thoroughly	Verify signature generation with known test cases

Handling API Signatures

Signature Automation Strategy#

Implementation Approach#

Method 1: Direct Script Modification#

Method 2: Environment Variables#

Method 3: External Programs#

Example: MD5-Based Signature#

Signature Generation Rules#

Public Script Implementation#

Example: Translation API Signature#

Signature Generation Rules#

Example Request#

Public Script Implementation#

Best Practices#

Signature Automation Strategy

Implementation Approach

Method 1: Direct Script Modification

Method 2: Environment Variables

Method 3: External Programs

Example: MD5-Based Signature

Signature Generation Rules

Public Script Implementation

Example: Translation API Signature

Signature Generation Rules

Example Request

Public Script Implementation

Best Practices