接口认证
| 请求头 | 示例值 | 描述 |
|---|---|---|
zOffice-auth-type | s2s_MD5_sig | 固定为s2s_MD5_sig |
zOffice-message-nonce | 1f178946-397f-41a7-ae9e-fde1f40ad51a | 随机值,每次请求时随机生成 |
timeStamp | 1678618777752 | 请求时间戳,时间精度到毫秒 |
Authorization | repoId:publicApi:hash-md5(secret@@timestamp@@message-nonce) | 指定算法计算的token |
Authorization计算方式
public class Demo {
public static void main(String[] args) {
// 请求头timeStamp
String timestampHeaderValue = System.currentTimeMillis() + "";
// 请求头zOffice-message-nonce
String messageNonceHeaderValue = UUID.randomUUID().toString();
String reqBodyJsonStr = "请求体对应的JSON字符串,如果没有请求体,则为空串";
String token = getAuthToken(timestampHeaderValue, messageNonceHeaderValue, reqBodyJsonStr);
String repoId = "三方系统ID";
// 请求头Authorization
token = repoId + ":publicApi:" + token;
System.out.println("Authorization Header value is " + token);
}
private static String getAuthToken(String timestamp, String nonce, String reqBodyJsonStr) {
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
String secret = "三方研发生成的私钥,这个私钥同样需要配置在zOffice服务器,私钥配置可以看本文档1.3.2.1";
String seed = secret + "@@" + timestampHeaderValue + "@@" + messageNonceHeaderValue;
if (reqBodyJsonStr != null && reqBodyJsonStr.length != 0) {
seed += "@@" + reqBodyJsonStr;
}
md5.update(seed.getBytes(StandardCharsets.UTF_8));
return String.format("%032x", new BigInteger(1, md5.digest()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return "";
}
}
认证失败会返回状态码401及认证失败信息,例如
401 InvalidAuthTimestamp
401 InvalidAuthHeader