Obtain the signature algorithm

SignatureValidator is a parameter signature verification tool based on the HMAC-SHA256 algorithm, specifically designed for API security. It ensures data integrity and authenticity by generating digital signatures for request parameters, preventing parameter tampering and replay attacks.

Algorithm Principles

Signature Generation Process

Request Parameters → Filter Invalid Values → Sort by Key → Construct Signature String → HMAC-SHA256 → Signature

Detailed Steps:

Step 1: Parameter Filtering
Automatically exclude fields that do not participate in signing:

sign, signature (the signature fields themselves)

None, empty string '', empty dictionary {}, empty list []

Step 2: Parameter Sorting
Sort by the ASCII code of parameter names (keys) in ascending order (lexicographical order) to ensure consistent results across different language implementations.

Step 3: Parameter Serialization

Simple Values: Directly convert to strings (str(value))

Complex Types (dict/list): Serialize to JSON strings (compact format, no spaces, key-sorted)

Example:

Step 4: URL Encoding
Use encodeURIComponent-compatible encoding to encode keys and values, handling special characters.

Step 5: Construct Signature String
Format: key1=value1&key2=value2&key3=value3

Example:

email=ron%40ehido.kp&user_name=Franklin%20Santos%20%E4%BD%A0%E5%A5%BD%E5%90%83

Step 6: HMAC-SHA256 Signature

Algorithm Principles#

Signature Generation Process#

Detailed Steps:#

Python Code Example#

Algorithm Principles

Signature Generation Process

Detailed Steps:

Python Code Example