Use PHP code to implement request signature and signature verification of Baidu Wenxin Yiyan API interface

Use PHP code to implement request signature and signature verification of Baidu Wenxin Yiyan API interface

1. Request signature

When using Baidu Wenxin When creating an API interface, in order to ensure the security of the request, the request needs to be signed to prevent the request from being maliciously tampered with. The following is an example of using PHP code to implement the request signature of Baidu Wenxin Yiyan API interface:

<?php

// 请求参数
$params = [
    'appid' => 'your_appid',
    'salt' => 'your_salt',
    'from' => 'zh',
    'to' => 'en',
    'q' => '你好',
];

// 将参数按照字母顺序排序
ksort($params);

// 拼接参数字符串
$paramStr = '';
foreach ($params as $key => $value) {
    $paramStr .= $key . '=' . $value;
}

// 加上密钥
$paramStr .= 'your_secret';

// 计算签名
$sign = md5($paramStr);

// 添加签名到参数列表
$params['sign'] = $sign;

// 发送请求
// ...
?>

In the above code, $params is the request parameter array, which contains appid Application ID, saltrandom string, fromsource language, totarget language, qquery string and other parameters. First use the ksort() function to sort the parameters in alphabetical order by parameter name. Then concatenate the parameters into a string in the form key=value, and add the key at the end. Finally, use the md5() function to perform signature calculation on the spliced ​​string to obtain the signature value. Finally, the signature value is added to the sign key in the parameter array, which completes the process of requesting a signature.

2. Signature Verification

When receiving the data returned by the Baidu Wenxin Yiyan API interface, we need to verify the signature of the returned data to ensure that the returned data has not been tampered with. The following is an example of using PHP code to implement signature verification of Baidu Wenxin Yiyan API interface:

<?php

// 接收到的返回数据
$responseData = [
    'code' => '0',
    'msg' => 'success',
    'data' => [
        'result' => 'Hello',
    ],
    'sign' => 'xxx',
];

// 移除sign参数
$sign = $responseData['sign'];
unset($responseData['sign']);

// 将接收到的参数按照字母顺序排序
ksort($responseData);

// 拼接参数字符串
$paramStr = '';
foreach ($responseData as $key => $value) {
    $paramStr .= $key . '=' . $value;
}

// 加上密钥
$paramStr .= 'your_secret';

// 计算签名
$calculatedSign = md5($paramStr);

// 验证签名
if ($calculatedSign === $sign) {
    // 验签通过，可以使用返回的数据
    echo '验签通过';
} else {
    // 验签失败
    echo '验签失败';
}
?>

In the above code, $responseData is the received return data, including the returned # Parameters such as ##code, msg, data, and the returned signature sign. First save the signature value into the variable $sign and remove the sign parameter from the return data.

Next, sort the received parameters in alphabetical order, then concatenate the parameters into a string in the form

key=value, and add the key at the end. Finally, use the md5() function to perform signature calculation on the spliced ​​string, and obtain the calculated signature value $calculatedSign.

Finally, compare the calculated signature value with the received signature value. If they are equal, the signature verification passes; if they are not equal, the signature verification fails.

The signature verification process of the returned data is completed.

Through the above code examples, when using the Baidu Wenxin Yiyan API interface, we can use PHP code to implement the request signature and verification functions to ensure the security of the request and the integrity of the data.

The above is the detailed content of Use PHP code to implement request signature and signature verification of Baidu Wenxin Yiyan API interface. For more information, please follow other related articles on the PHP Chinese website!