This document describes the different types of access available on the platform.

To identify the user who owns the account on which the operation is going to be carried out, the call must either include a session identifier (session_id parameter) or be signed with the user's private key (signature parameter). The two calls shown below are therefore equivalent for all intents and purposes. For those cases in which there is no pademobile user as executor of the operation, the call signed with the private key must be used:

  • With session ID
user_id=457&country_code=MX&comando=listado&idioma=en-us&id_canal=1&session_id=9bb19a6c0a607cb8f1791207395366d6

Session sample

The session_id parameter is obtained from the call to the login service:

http://desarrollo.pademobile.com:5007/ws/users.py/login?country_code=MX&nick=test_user&pin=0000

    {
        "status": true,
        "e_mail": "",
        "elapsed": 0.2370758056640625,
        "certification_data": <certification_data>,
        "session_id": "97c4abb925c9b2046ac7432762ad1417",
        "user_type": "User b\u00e1sico",
        "profile_id": 1,
        "profile_code": "USER",
        "user_id": 225,
        "state": "Distrito Federal",
        "phone_longitude": 10,
        "menu": <lista_acciones_menu>,
        "affiliate_user_id": 412,
        "currency": "MXN",
        "name": "Test User",
        "certification": false,
        "phone": "5012385006"
    }

  • With signature
user_id=457&country_code=MX&comando=listado&idioma=en-us&id_canal=1&signature=cc30e3efc7159bb10b910512ca441664c1578a4d

Signed sample

In this case an extra parameter is added to the entire original query string. This parameter will be a hash (HMAC) of the previous string, so any alteration in the parameters will cause the signed login process to fail.

This process follows these steps:

  • The private key of the user identified by the user_id parameter is obtained.
  • The query string is separated from the signature parameter.
  • The hash is calculated using the strings obtained in steps 1 and 2.
  • If the hash obtained in the previous step and the one reported in the signature parameter are the same, the login with signature is successful and the service code is executed. Otherwise an exception is thrown.

The following Python code snippet returns the query string passed in the chain parameter of the calcular_firma function, with the signature parameter appended to the end.

    import hashlib
    import hmac

    def calcular_firma(private_key, chain):
        # HMAC-SHA1 of the query string, keyed with the user's private key.
        # hmac.new needs bytes in Python 3, so both inputs are encoded first.
        signature = hmac.new(private_key.encode(), chain.encode(), hashlib.sha1).hexdigest()
        return chain + '&signature=' + signature
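
The verification steps listed above, seen from the service side, as an added example that is not part of the original documentation or the platform's own code. The key store `PRIVATE_KEYS`, its key value, and the function names `sign` and `verify` are assumptions, as are the choices to reject repeated user_id parameters and to return False where the service described here throws an exception.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

# Constructed key store for the example: user_id -> private key (not real keys).
PRIVATE_KEYS = {"457": b"constructed-demo-key"}


def sign(private_key: bytes, query: str) -> str:
    """Client side: append the HMAC-SHA1 of the query string as `signature`."""
    digest = hmac.new(private_key, query.encode(), hashlib.sha1).hexdigest()
    return query + "&signature=" + digest


def verify(signed_query: str) -> bool:
    """Server side: True only if the signature matches the rest of the query."""
    # Separate the query string from the trailing signature parameter.
    query, sep, received = signed_query.rpartition("&signature=")
    if not sep:
        return False
    # Obtain the private key of the user named by user_id. Repeated user_id
    # parameters are rejected (a choice of this example) so the key lookup
    # and the service code cannot disagree about which user is meant.
    ids = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == "user_id"]
    key = PRIVATE_KEYS.get(ids[0]) if len(ids) == 1 else None
    if key is None:
        return False
    # Recompute the HMAC over exactly the bytes that were signed.
    expected = hmac.new(key, query.encode(), hashlib.sha1).hexdigest()
    # Compare in constant time so response timing does not reveal how much
    # of a guessed signature was correct.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    original = "user_id=457&country_code=MX&comando=listado&idioma=en-us&id_canal=1"
    signed = sign(PRIVATE_KEYS["457"], original)
    print(verify(signed))
    print(verify(signed.replace("comando=listado", "comando=otro")))
```
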