メッセージ署名生成リファレンス

メッセージ署名生成のコードサンプル。

 

法的注意

• このAPIおよびそのドキュメントを使用し、統合を構築することで、追加のAPI利用規約およびガイドラインに同意したものとみなされます。

注記

この認証方法では、APIトークンと応募データ（ボディ）をハッシュ化します。次のコードサンプルは一般的なフィールドのみを示しており、すべてのフィールドを網羅したものではありません。

利用可能なすべてのフィールドについては、応募データリファレンスをご覧ください。

C#（バージョン6.0）

using System;
using System.Security.Cryptography;
using System.Text;

class MainClass {
  public static void Main(string[] args) {
    String message = getMessage();
    // This is a sample api Secret for demonstration do not alter
    String apiSecret = "Y0ur api secret key not shared &$%@";
    String signature = computeSignature(message, apiSecret);
    // Compare the message payload signature hashed value to the pre-determined signature from the send.
    if (signature.Equals("SGadPKocf3HD1LYXm3xGObB6hzk=")) {
      Console.WriteLine("Successful signature validation using B64 HMAC SHA1: " + signature);
    } else
      Console.WriteLine("Invalid Signature: " + signature);
  }

  static string computeSignature(string input, String key) {
    byte[] keyBytes = Encoding.UTF8.GetBytes(key);
    HMACSHA1 myhmacsha1 = new HMACSHA1(keyBytes);
    byte[] inputBytes = Encoding.UTF8.GetBytes(input);
    byte[] hash = myhmacsha1.ComputeHash(inputBytes);

    return System.Convert.ToBase64String(hash);
  }

  static string getMessage() {
    string msg = "{'locale':'en_US','applicant':{'fullName':'John Doe','email':'john.doe@example.com'}}";
    return msg;
  }

}

Java（openjdkバージョン17.0.4.1）

import javax.crypto.Mac;
import javax.crypto.spec.*;
import javax.crypto.SecretKey;
import java.util.Base64;

public class App {
  public static void main(String[] args) {

    String message = getMessage();
    String apiSecret = "Y0ur api secret key not shared &$%@";
    String signature = computeSignature(message, apiSecret);
    if (!signature.equals("SGadPKocf3HD1LYXm3xGObB6hzk="))
      System.out.println("Invalid Signature: " + signature);
    else
      System.out.println("Successful signature validation using B64 HMAC SHA1: " + signature);
  }

  static String computeSignature(String message, String apiSecret) {
    try {
      byte[] keyBytes = apiSecret.getBytes();
      SecretKey signingKey = new SecretKeySpec(keyBytes, "HmacSHA1");
      Mac mac = Mac.getInstance("HmacSHA1");
      mac.init(signingKey);
      return new String(Base64.getEncoder().encode(mac.doFinal(message.getBytes("UTF-8"))));
    } catch (Exception e) {
      System.out.println(e.getMessage());
      throw new RuntimeException(e);
    }
  }

  public static String getMessage() {
    return "{'locale':'en_US','applicant':{'fullName':'John Doe','email':'john.doe@example.com'}}";
  }
}

Perl（バージョン5.0）

use Digest::SHA qw(hmac_sha1_base64);
use Encode qw(encode);

# your secret key
$key = "Y0ur api secret key not shared &\$\%\@";

# test message
$message = get_message();

# compute signature
$signature = hmac_sha1_b64_string( $key, $message );

if ( $signature eq "SGadPKocf3HD1LYXm3xGObB6hzk=" ) {
    print "Successful signature validation using B64 HMAC SHA1: " . $signature,
      "n";
}
else {
    print "Invalid Signature: ", $signature, "n";
}

sub hmac_sha1_b64_string {
    $keybtes   = encode( "UTF8", $key );
    $databytes = encode( "UTF8", $message );
    $b64digest = hmac_sha1_base64( $databytes, $keybtes );

    # Perl does not pad b64 output, so we have to do it manually
    while ( length($b64digest) % 4 ) {
        $b64digest .= '=';
    }
    return $b64digest;
}

sub get_message {
    return
"{'locale':'en_US','applicant':{'fullName':'John Doe','email':'john.doe\@example.com'}}";
}

PHP（バージョン7.0）

function sign($str, $key) {
  $opts=  OPENSSL_RAW_DATA;
  $digest= hash_hmac("sha1", $str, $key, $raw_output = TRUE);
  $signature= base64_encode($digest);
  return$signature;
}
         
$api_secret= "Y0ur api secret key not shared &$%@";
$message= "{'locale':'en_US','applicant':{'fullName':'John Doe','email':'john.doe@example.com'}}";
         
$signature= sign($message,$api_secret);
         
if( $signature!= "SGadPKocf3HD1LYXm3xGObB6hzk=")
  print("Invalid Signature ". $signature);
else
  print("Successful signature validation using B64 HMAC SHA1: " . $signature);

Python（バージョン3.10）

from hashlib import sha1
import hmac
import base64

# your secret key
secret = "Y0ur api secret key not shared &$%@".encode("utf-8")
# test message
message = "{'locale':'en_US','applicant':{'fullName':'John Doe','email':'john.doe@example.com'}}".encode(
    "UTF-8"
)
print(message)
# compute the hash
message_hashed = hmac.new(secret, message, sha1)
digest = message_hashed.digest()
# b64 encode the hash. this is the message authentication value.
signature = base64.b64encode(digest)
if signature != b"SGadPKocf3HD1LYXm3xGObB6hzk=":
    print("Invalid Signature: " + str(signature))
else:
    print("Successful Signature Validation using B64 HMAC SHA1: " + str(signature))

Node.js（LTS 16）

// Dependencies
const fs = require('fs');
const crypto = require('crypto');

const secret = "Your secret key - this the secret key associated with your Indeed Apply"

const xIndeedSignature = "This is the value of the X-Indeed-Signature return as part of the request headers";

// Read data.json, which is the raw payload indeed sent you in the body of the response. 
// Create data.json in the same directory with your index.js file                                                          
const data = fs.readFileSync('data.json', {
  encoding: 'utf8',
  flag: 'r+'
});

// Base64-encode data
const encodedStr = new Buffer.from(data).toString('base64');

// Compute the hash
const signature = crypto.createHmac('SHA1', secret).update(encodedStr, 'base64').digest('base64');

// Check the computed signature against the X-Indeed-Signature 
// provided in the request_headers of your application
if (signature !== xIndeedSignature) {
  console.log(`invalid signature: ${signature}`, `\nX-Indeed-Signature: ${xIndeedSignature}`);
} else {
  console.log(`Computed signature matches: ${signature}`);
}

 

このページは役に立ちましたか？