Interface Authentication
| Request Header | Example Value | Description |
|---|---|---|
zOffice-auth-type | s2s_MD5_sig | Fixed as s2s_MD5_sig |
zOffice-message-nonce | 1f178946-397f-41a7-ae9e-fde1f40ad51a | Random value, randomly generated for each request |
timeStamp | 1678618777752 | Request timestamp, time precision to milliseconds |
Authorization | repoId:publicApi:hash-md5(secret@@timestamp@@message-nonce) | Token calculated by specified algorithm |
Authorization Calculation Method
public class Demo {
public static void main(String[] args) {
// Request header timeStamp
String timestampHeaderValue = System.currentTimeMillis() + "";
// Request header zOffice-message-nonce
String messageNonceHeaderValue = UUID.randomUUID().toString();
String reqBodyJsonStr = "JSON string corresponding to the request body, if there is no request body, it is an empty string";
String token = getAuthToken(timestampHeaderValue, messageNonceHeaderValue, reqBodyJsonStr);
String repoId = "Third-party system ID";
// Request header Authorization
token = repoId + ":publicApi:" + token;
System.out.println("Authorization Header value is " + token);
}
private static String getAuthToken(String timestamp, String nonce, String reqBodyJsonStr) {
try {
MessageDigest md5 = MessageDigest.getInstance("MD5");
String secret = "Private key generated by third-party development, this private key also needs to be configured on the zOffice server, private key configuration can be seen in section 1.3.2.1 of this document";
String seed = secret + "@@" + timestampHeaderValue + "@@" + messageNonceHeaderValue;
if (reqBodyJsonStr != null && reqBodyJsonStr.length != 0) {
seed += "@@" + reqBodyJsonStr;
}
md5.update(seed.getBytes(StandardCharsets.UTF_8));
return String.format("%032x", new BigInteger(1, md5.digest()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return "";
}
}
Authentication failure will return status code 401 and authentication failure information, for example:
401 InvalidAuthTimestamp
401 InvalidAuthHeader