156 lines
4.3 KiB
Markdown
156 lines
4.3 KiB
Markdown
This document will deal with the different types of accesses that exist on
|
|
the platform.
|
|
|
|
To identify the user who owns the account where the operation is going to
|
|
be carried out, it is necessary to indicate a session identifier (
|
|
session_id parameter) or sign the call with its private key
|
|
( signature parameter). In this way, these two calls to
|
|
service are equivalent for all intents and purposes. For those cases in
|
|
which there is no pademobile user as executor of the operation, the call
|
|
with private key must be used:
|
|
|
|
* With session ID
|
|
|
|
```javascript
|
|
user_id=457&country_code=MX&comando=listado&idioma=en-us&id_canal=1&session_id=9bb19a6c0a607cb8f1791207395366d6
|
|
```
|
|
|
|
Session sample
|
|
|
|
The session_id parameter is obtained from the call to the login service:
|
|
|
|
```javascript
|
|
http://desarrollo.pademobile.com:5007/ws/users.py/login?country_code=MX&nick=test_user&pin=0000
|
|
```
|
|
|
|
```javascript
|
|
{ {' '}
|
|
"status"
|
|
:{' '}
|
|
true
|
|
,
|
|
"e_mail"
|
|
:{' '}
|
|
""
|
|
,
|
|
"elapsed"
|
|
:{' '}
|
|
0.2370758056640625
|
|
,
|
|
"certification_data"
|
|
: <certification_data>
|
|
,
|
|
"session_id"
|
|
:{' '}
|
|
"97c4abb925c9b2046ac7432762ad1417"
|
|
,
|
|
"user_type"
|
|
:{' '}
|
|
"User b\u00e1sico"
|
|
,
|
|
"profile_id"
|
|
:{' '}
|
|
1
|
|
,
|
|
"profile_code"
|
|
:{' '}
|
|
"USER"
|
|
,
|
|
"user_id"
|
|
:{' '}
|
|
225
|
|
,
|
|
"state"
|
|
:{' '}
|
|
"Distrito Federal"
|
|
,
|
|
"phone_longitude"
|
|
:{' '}
|
|
10
|
|
,
|
|
"menu"
|
|
: <lista_acciones_menu>
|
|
,
|
|
"affiliate_user_id"
|
|
:{' '}
|
|
412
|
|
,
|
|
"currency"
|
|
:{' '}
|
|
"MXN"
|
|
,
|
|
"name"
|
|
:{' '}
|
|
"Test User"
|
|
,
|
|
"certification"
|
|
:{' '}
|
|
false
|
|
,
|
|
"phone"
|
|
:{' '}
|
|
"5012385006"
|
|
|
|
}
|
|
```
|
|
|
|
* With signature
|
|
|
|
```javascript
|
|
user_id=457&country_code=MX&comando=listado&idioma=en-us&id_canal=1&signature=cc30e3efc7159bb10b910512ca441664c1578a4d
|
|
```
|
|
|
|
Signed sample
|
|
|
|
In this case an extra parameter is added to the entire original query
|
|
string. This parameter will be a hash (HMAC) of the previous
|
|
string, so any alteration in the parameters will cause the signed login
|
|
process to fail.
|
|
|
|
This process follows these steps:
|
|
|
|
* The private key of the user identified by the user_id parameter is obtained.
|
|
* The querystringis separated from the signature parameter.
|
|
* The hash is calculated using the strings obtained in steps 1 and 2.
|
|
* If the hash obtained in the previous step and the one reported in the signature parameter are the same, the login with signature is successful and the service code is executed. Otherwise an exception is thrown.
|
|
|
|
The following Python code snippet returns the querystringprovided in the
|
|
string parameter of the calculate_signature function with the signature
|
|
parameter appended to the end.{' '}
|
|
|
|
This process follows the these steps:
|
|
|
|
* The private key of the user identified by the user_id parameter is obtained.
|
|
* The querystringis separated from the signature parameter.
|
|
* The hash is calculated using the strings obtained in steps 1 and 2.
|
|
* If the hash obtained in the previous step and the one reported in the signature parameter are the same, the login with signature is successful and the service code is executed. Otherwise an exception is thrown.
|
|
|
|
```javascript
|
|
import hashlib
|
|
|
|
import hashlib
|
|
|
|
import hmac
|
|
|
|
def{' '}
|
|
calcular_firma
|
|
(Private key
|
|
, chain
|
|
)
|
|
:
|
|
signature = hmac
|
|
.new
|
|
(Private key
|
|
, chain
|
|
, hashlib
|
|
.sha1
|
|
)
|
|
.hexdigest
|
|
(
|
|
)
|
|
return chain{' '}
|
|
+{' '}
|
|
'&signature='{' '}
|
|
+ signature
|
|
```
|