Newbie access guide


Fan service platform access process

97580f43jw1eu2giorp4aj20hi01omx2.jpg

Fans service platform development model access process

97580f43jw1eu2gippjcuj20d001hwec.jpg

Step 1: Apply for the message interface

For media, enterprise, and personal authentication accounts, click "Management Center" on the account's Profile page. Then click "Advanced Functions" in the "Fan Service" menu, where you can choose to turn on "Edit Mode" or "Development Mode".


When you choose to turn on "Development Mode", you need to fill in the URL and APPKEY, where the URL is the interface URL used by developers to receive Weibo message server data. APPKEY specifies and authorizes the developer application KEY to develop services for Weibo authenticated users. The APP Secret corresponding to the APPKEY will be used to generate a signature (the signature will be compared with the signature contained in the interface URL to verify request security).


xinshoujieruzhinan_shenqingxiaoxijiekou.jpg

Second step: Verify the validity of the URL

When a developer uses the event push service for the first time, he or she needs to pass a verification to establish the first connection with the Weibo server. The details are as follows: Said:


After the developer submits the information, the Weibo message server will send a GET request to the filled-in URL. The GET request carries four parameters:


QQ截图20170210141919.pngAfter receiving the request, the developer first verifies the authenticity of the GET request through the encrypted signature parameter. If it is confirmed that the GET request comes from the Weibo server, the echostr parameter content can be returned as it is to successfully establish the first time. connection, otherwise the connection fails.


The encryption rules for signature parameters are:

After sorting the developer’s appsecret, timestamp parameters, and nonce parameters into a dictionary, the three parameter strings are spliced ​​into one The string is encrypted with sha1Verification parameters:

appsercret=xyz123xyz timestamp=1397022061823 NONCE = 57155157

n Results:

stepping string string is: 139702206182357155157xyz123xyz

## SHA1 The result is: 90E4C22C90A58F2652DDD5B6C56C c8822edeaa1

An example of a request to verify url validity is: http://yoururl?nonce=57155157×tamp=1397022061823&echostr=dnPdpTZz85&signature=90e4c22c90a58f26526c2dd5b6c56c8822edeaa1

If the value of echostr is returned (d in this example) nPdpTZz85) Then pass the url verification.


PHP code example: 

function checkSignature() {
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];	
        		
	$appsecret= appsecret;  //开发者的appsecret
	$tmpArr = array($appsecret, $timestamp, $nonce);
	sort($tmpArr, SORT_STRING);
	$tmpStr = implode( $tmpArr );
	$tmpStr = sha1( $tmpStr );
	
	if( $tmpStr == $signature ){
		return true;
	}else{
		return false;
	}
}


php sample code download: download

java sample code download: download

Step 3: Become a developer and obtain access_token

After successfully verifying the validity of the URL, the access will take effect and become a developer. From then on, the user will send a message to the Weibo authentication account every time, or When a custom menu click event occurs, the response URL will be pushed.

In addition, after the first connection is established, each subsequent Weibo event push will also carry three parameters: signature, timestamp, and nonce. Developers can still judge the authenticity of this message by verifying the signature. , the verification method is the same as the first connection establishment. In addition, please note that the pink server platform development interface only supports interface 80.


After the URL is successfully verified, the pink server platform will automatically return an access_token, as shown in the figure below:

Developers do not need an access_token to use the functions of receiving messages and sending passive messages. However, many other interfaces in the pink server development mode, such as sending passive response messages, require the access_token parameter as a credential when calling;

getaccesstoken2014.jpg

##About access_token For more introduction, please see:

Obtain the access token of the fan service platform development interface

Attachment: Long connection mode

In addition to the above

Push access mode In addition, we also provide additional Long connection access mode. Except for the different technical methods of access, the functions of this mode are exactly the same.

The characteristic of the long connection mode is that third-party developers actively establish connection requests. After the long connection is established, new message events will be returned to the third-party developers in real time instead of passively waiting for Weibo Third-party developers have more control over the GET request of the message server, but the corresponding development difficulty will be greater.