Planfix API: Creating a digital signature

From Planfix
Jump to: navigation, search

The digital signature is not mandatory. Since the API request is made via SSL, which ensures the encryption of the request, additional confirmation of the request integrity is unnecessary, but you can still use it if you wish.

Form the digital signature by concatenating the function name, function call parameters, and signature key.

The parameters are concatenated according to the following principle: On an XML tree level, the parameters are sorted by name and then concatenated in order. If a parameter is a list, it is sorted by value, and its elements are concatenated. If a parameter serves as the root of a subtree, the method described above is applied to this parameter. This process continues until all elements of the XML tree have been processed.

Here is a php code example implementing the algorithm

 function implodeElements($xmlElement) {
   $result = '';
   $list = (array)$xmlElement;
   ksort($list);
   foreach ($list as $node) {
      if(is_array($node)) {		  
         $result .= implode('', array_map('implodeElements', $node));
      } else if(is_object($node)) {
         $result .= implodeElements($node);
      } else {
         $result .= $node;
      }
   }
   return $result;
  }

The obtained string is concatenated with the signature key. The MD5 sum calculation algorithm is applied to the concatenation result - this will be the digital signature.


For example, for XML

<?xml version="1.0" encoding="UTF-8"?>
<request method="auth.login">
<account>acc</account>
<password>passw</password>
<login>login</login>
</request>

The signature string will be: "auth.login"+"acc"+"login"+"passw"+privateKey = auth.loginaccloginpassw..... (instead of the dots of the signature key - PrivateKey from the keys page)


Go To