完整身份验证示例

以下是完整的多语言代码示例，演示如何对 API 请求进行签名和加密，包括 payload 的 MD5 哈希计算和 JWT 编码。

Python

import hashlib
import json
import jwt
import datetime
import requests

# 定义变量
API_KEY = "your_api_key"
PRIVATE_KEY = open("jwtECDSASHA512.key").read()

# 请求 payload
body = {"test": "data"}
body_string = json.dumps(body)

# 计算 payload 的 MD5 哈希值
md5_body = hashlib.md5(body_string.encode()).hexdigest()

# 获取当前时间戳（UTC）
now = datetime.datetime.utcnow()
timestamp = now.strftime("%Y-%m-%dT%H:%M:%S.000Z")

# 定义 JWT 头部
headers = {
    "alg": "ES512",
    "typ": "JWT"
}

# 构建 JWT payload
payload = {
    "sub": API_KEY,
    "signature": f"POST\n/test/{API_KEY}\n{md5_body}\napplication/json\n{timestamp}"
}

# 编码 JWT
token = jwt.encode(payload, PRIVATE_KEY, algorithm="ES512", headers=headers)

# 发送请求
response = requests.post(
    f"https://api-auth.sandbox.qitech.app/test/{API_KEY}",
    headers={
        "API-CLIENT-KEY": API_KEY,
        "Authorization": token,
        "Content-Type": "application/json"
    },
    json=body
)

PHP

<?php
use Firebase\JWT\JWT;

$apiKey = "your_api_key";
$privateKey = file_get_contents("jwtECDSASHA512.key");

$body = json_encode(["test" => "data"]);
$md5Body = md5($body);
$timestamp = gmdate("Y-m-d\TH:i:s.000\Z");

$payload = [
    "sub" => $apiKey,
    "signature" => "POST\n/test/{$apiKey}\n{$md5Body}\napplication/json\n{$timestamp}"
];

$token = JWT::encode($payload, $privateKey, "ES512");

Node.js

const jwt = require('jsonwebtoken');
const crypto = require('crypto');
const fs = require('fs');

const apiKey = 'your_api_key';
const privateKey = fs.readFileSync('jwtECDSASHA512.key');

const body = JSON.stringify({ test: 'data' });
const md5Body = crypto.createHash('md5').update(body).digest('hex');
const timestamp = new Date().toISOString();

const payload = {
  sub: apiKey,
  signature: `POST\n/test/${apiKey}\n${md5Body}\napplication/json\n${timestamp}`
};

const token = jwt.sign(payload, privateKey, { algorithm: 'ES512' });