簽章驗證

API 金鑰驗證與存取

您需使用 HTTP 授權標頭才能在每個要求中傳輸 API 金鑰，與 SHA-512 簽章雜湊。簽章雜湊由 API 金鑰、共用密碼與 UNIX 時間戳記組成。

建立授權標頭

EPS 要求授權標頭使用以下格式：請注意，必須加上 EPS 前綴。此前綴可確保正確的授權規則套用至您的要求。

Authorization: EAN APIKey=yourAPIKey,Signature=sha512Hash,timestamp=yourUNIXTimestamp

您的 signature 值，為串連 API 金鑰、共用密碼、UNIX 時間戳記 (單位為秒) 的 Unsalted SHA-512 雜湊。

您的 timestamp 值，必須與用來產生 signature 的值相同。若提供不同的時間戳記值，EPS 將無法確認您的簽章雜湊值，且會拒絕您的要求。

以下是完整授權標頭的範例：

Authorization: EAN APIKey=dkc4wrkp7w58wx5v2jxen2kx,Signature=Mgup2Azf,timestamp=1476739212

驗證授權標頭

嘗試測試要求之前，請先針對 EPS 簽章產生器測試您的專屬程式碼。

注意：NTP 時間同步

EPS 會利用網路時間通訊協定 (NTP) 同步內部伺服器的時間。若您也使用 NTP，就不會發生時間同步方面的問題。大多數的現代作業系統都支援這項或類似的時間同步服務，請查看您的 OS 文件確認。系統接受時間戳記有合理的時差，容許任一端的伺服器時間戳記最多相差五分鐘。

簽章產生程式碼範例

PHP

$apiKey = "abcdefg";
$secret = "1a2bc3";
$timestamp = time();
$authHeader = 'Authorization: EAN APIKey=' . $apiKey . ',Signature=' . hash("sha512", $apiKey.$secret.$timestamp) . ',timestamp=' . time();

JavaScript 

var crypto = require('crypto');
var request = require('request');
var apiKey = "123";
var secret="123";
var timestamp = Math.round((new Date().getTime()/1000));
var hash = crypto.createHmac('sha256', apiKey+secret+timestamp).digest('hex');
var authHeaderValue = 'EAN APIKey=' +apiKey+ ',Signature=' + hash + ',timestamp=' + timestamp;

Java

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Timestamp;
import java.util.Date;
String apiKey = "123";
String secret = "123";
Date date= new java.util.Date();
Long timestamp = (date.getTime() / 1000);
String signature = null;
try {
   String toBeHashed = apiKey + secret + timestamp;
   MessageDigest md = MessageDigest.getInstance("SHA-512");
   byte[] bytes = md.digest(toBeHashed.getBytes("UTF-8"));
   StringBuilder sb = new StringBuilder();
   for(int i=0; i< bytes.length ;i++){
       sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
   }
   signature = sb.toString();
} catch (NoSuchAlgorithmException e) {
   e.printStackTrace();
} catch (UnsupportedEncodingException e) {
   e.printStackTrace();
}
String authHeaderValue = "EAN APIKey=" + apiKey +  ",Signature=" + signature + ",timestamp=" + timestamp;

Python

import hashlib
import datetime
apiKey = "123"
secret = "123"
timestamp = str(int(time.time()));
authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + hashlib.sha512(apiKey+secret+timestamp).hexdigest() + ",timestamp=" + timestamp

Ruby

require 'digest'
apiKey="123"
secret="123"
timestamp = Time.now.to_i
toBeHashed = "#{apiKey}#{secret}#{timestamp}"
signature = Digest::SHA2.new(512).hexdigest(toBeHashed)
authHeaderValue = "EAN APIKey=#{apiKey},Signature=#{signature},timestamp=#{timestamp}"

C#

String apiKey = "123";
String secret = "123";
TimeSpan epochTicks = new TimeSpan(new DateTime(1970, 1, 1).Ticks);
TimeSpan unixTicks = new TimeSpan(DateTime.UtcNow.Ticks) - epochTicks;
double unixTime = (int)unixTicks.TotalSeconds;
var toBeHashed = apiKey + secret + unixTime;
var bytes = System.Text.Encoding.UTF8.GetBytes(toBeHashed);
using (var hash = System.Security.Cryptography.SHA512.Create())
{
   var hashedInputBytes = hash.ComputeHash(bytes);
   var hashedInputStringBuilder = new System.Text.StringBuilder(128);
   foreach (var b in hashedInputBytes)
       hashedInputStringBuilder.Append(b.ToString("X2"));
   var signature = hashedInputStringBuilder.ToString();
   var authHeaderValue = "EAN APIKey=" + apiKey + ",Signature=" + signature +",timestamp=" + unixTime;
}

Perl

use strict;
use Crypt::Digest::SHA512 qw(sha512_hex);
my $apiKey = '123';
my $secret = '123';
my $timestamp = time;
my $sig = sha512_hex($apiKey . $secret . $timestamp);
my $authHeaderValue = "EAN APIKey=".$apiKey.",Signature=".$sig.",timestamp=".$timestamp;
print $authHeaderValue;

保護您的共用密碼

請謹慎保管此密碼，因為提供給您的共用密碼，對於防護要求資料的安全非常重要。切勿在任何可公開存取的網站或應用程式程式碼中，加入原始值。若您已獲准整合 EPS Rapid，便會向您提供共用密碼與 API 金鑰。