Matt Rowley
Aliexpress API signature algorithm and JavaScript

I have been working on trying to retrieve a correct signature for use in getting an access token from the AliExpress API. The signature is appended to the end of the URL and then, if the signature is correct, it gives you back the access token, refresh token, user credentials, etc. Unfortunately, I have not been able to get back the proper signature as per "platform standards". I am stumped at the moment.

What I am doing in this code is calling parameters for my app_key, timestamp, sign method and code (retrieved from the URL and stored in local storage), sorting through them so that they are in alphabetical order, concatenating the string with no spacing, encoding the string, then using CryptoJS to create a signature with my app_secret as the key. This is all per the documentation; however, I must be doing something slightly wrong, because I am not retrieving the same string as in the example.

In the example in the documentation, the signature string looks like:

D13F2A03BE94D9AAE9F933FFA7B13E0A5AD84A3DAEBC62A458A3C382EC2E91EC

While mine looks like:

FA09CDF0AA01015E5CF20B05234D25BA00203952EA00D86EEDA7A199D3483725

const generateSign = () => {
  const code = localStorage.getItem("authCode");
  const params = {
    app_key: appKey,
    timestamp: timestamp,
    sign_method: sign_method,
    code: code,
  };
  console.log(params);

  const sortedParams = Object.keys(params)
    .sort()
    .reduce((acc, key) => {
      acc[key] = params[key];
      return acc;
    }, {});
  console.log(sortedParams);

  let concatenatedString = "";
  for (const key in sortedParams) {
    concatenatedString += `${key}${sortedParams[key]}`;
  }
  const apiName = "/auth/token/security/create";
  concatenatedString = apiName + concatenatedString;
  console.log(concatenatedString);

  const encodedString = encodeURIComponent(concatenatedString);
  console.log(encodedString);
  const hash = CryptoJS.HmacSHA256(encodedString, appSecret);
  console.log(hash);
  const signature = hash.toString(CryptoJS.enc.Hex).toUpperCase();

  console.log(signature);

  return signature;
};

Upvotes: 1

Views: 679

Answers (1)

Following the guide in:

https://openservice.aliexpress.com/doc/doc.htm?spm=a2o9m.11193531.0.0.3f5e3b532ERUwK&nodeId=27493&docId=118729#/?docId=1366

The correction would be:

import CryptoJS from "crypto-js";

const generateSign = (params: { [key: string]: any }, endpoint: string) => {
    // sort params in alphabetical order
    const sortedParams = Object.keys(params)
        .sort(
            (a: string, b: string) => a > b ? 1 : -1
        )

    // create concatenated string with sorted params
    let concatenatedString = "";
    for (const key of sortedParams) {
        concatenatedString += `${key}${params[key]}`;
    }
    // concatenate the endpoint at the start
    concatenatedString = endpoint + concatenatedString;

    const appSecret = process.env.ALIEXPRESS_APP_SECRET ?? "";
    // sign the concatenated string as-is (no URL encoding) with HMAC-SHA256, keyed with the app secret
    const hash = CryptoJS.HmacSHA256(concatenatedString, appSecret);
    const signature = hash.toString(CryptoJS.enc.Hex).toUpperCase();

    return signature;
};

Upvotes: 0
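
The difference between the question's code and the answer's is the encodeURIComponent call made before the HMAC. The script below is an added example, not code from either post: it computes both variants side by side over the same input, using Node's built-in crypto module in place of CryptoJS. The function names are hypothetical, all parameter values and the secret are constructed, and rejecting an empty secret is an assumption added here (the answer falls back to an empty string).

```javascript
// Added example, not from the original posts. Node's built-in crypto module
// stands in for CryptoJS; every key, code and secret below is constructed.
const { createHmac } = require("node:crypto");

// String to sign: the API path followed by key+value pairs in sorted key order.
function buildSignBase(apiPath, params) {
  return apiPath + Object.keys(params).sort().map((k) => `${k}${params[k]}`).join("");
}

function hmacHexUpper(message, appSecret) {
  // Assumption added here: refuse an empty secret rather than sign with "".
  if (typeof appSecret !== "string" || appSecret.length === 0) {
    throw new Error("app secret is not set");
  }
  return createHmac("sha256", appSecret).update(message, "utf8").digest("hex").toUpperCase();
}

// The answer's approach: HMAC over the raw concatenated string.
function signRequest(apiPath, params, appSecret) {
  return hmacHexUpper(buildSignBase(apiPath, params), appSecret);
}

// The question's approach: URL-encode first, then HMAC. Kept for comparison only.
function signRequestEncodedFirst(apiPath, params, appSecret) {
  return hmacHexUpper(encodeURIComponent(buildSignBase(apiPath, params)), appSecret);
}

// Constructed sample input, deliberately not in sorted order.
const sampleParams = {
  timestamp: "1700000000000",
  sign_method: "sha256",
  code: "constructed-auth-code",
  app_key: "12345678",
};
const samplePath = "/auth/token/security/create";
const sampleSecret = "constructed-app-secret";

console.log("base string  :", buildSignBase(samplePath, sampleParams));
console.log("raw HMAC     :", signRequest(samplePath, sampleParams, sampleSecret));
console.log("encoded first:", signRequestEncodedFirst(samplePath, sampleParams, sampleSecret));
```

The two signatures differ because encodeURIComponent turns each "/" in the path into "%2F", so the HMAC is computed over a different byte string than the unencoded one the answer signs.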
