How to handle API signatures

For many APIs that require signature verification, the typical workflow involves first manually accessing the signature endpoint, then attaching the obtained signature to other requests. This process can be quite cumbersome.

To streamline this flow, here provides a automatic method to retrieve the latest signature when making requests to other endpoints.

How to handle API signatures

Create a public script that implements the signature logic, read the API request parameters, and then use a built-in library (for example, crypto-js) to generate the signature.

There are two ways to add the generated signature as a parameter.

Method 1: Add a signature parameter and modify request information directly via scripts (no need to use environment variables).

Method 2: Write the generated signature to an environment variable, and references the variable in the API parameters.

Reference the public script created above in the preprocessor script for the API.

If the signature algorithm is written in another language, you can use the dog.execute method to call a program written in another language.

Example

Signature generation rule

Step 1: Let’s set the parameters as set M. We arrange the non-empty parameter in set M based on ASCII code by ascending order, and use URL key value pair format (i.e. key1=value1&key2=value2...) to concat the non-empty parameter into stringA.
TIP

Order the parameter name based on ASCII code by ascending order (dictionary order).

Empty parameter value will not be included in the signature.

Parameter names are case-sensitive.

The sign parameter will also not be included in the signature.

Step 2: Concat the key at the end of the stringA to get stringSignTemp, use MD5 algorithm on stringSignTemp, convert the resulting string to uppercase to get the signValue.

Public script implementation

Translation API Signature Example

Signature Generation Rule

Step 1: Concat the appid, test to be translated q (UTF-8 encoding), random number salt, and the platform assigned key (available in the management console) into string 1 based on the order of appid + q + salt + key.

Step 2: Use md5 algorithm on string 1 to get the 32-bit lowercase sign.

TIP

Text to be translated (q) needs to be in UTF-8 encoding.

When concating appid+q+salt+key into signature, do not apply URL encode on q. When the signature is generated, apply URL encode on q before sending out the HTTP request.

How to handle API signatures