API 使用 sha512、base64、UTC 时间戳和 Javascript/Node 的授权

API authorization using sha512, base64, UTC timestamp with Javascript/Node

我正在尝试访问我们的支付提供商 API,但我一直收到 403 响应(禁止)。我已经三次检查凭据,它们是正确的。这是身份验证说明:

Every request to the API must be authenticated by using the Authorization HTTP request-header.

Place the timestamp in the "Timestamp" header. The value should be the time the message was created and sent in UTC.

The authorization header is calculated for each request using the following formula.

base64 ({MerchantId}: sha512 (RequestBody + SecretWord + Timestamp))

Example:

'Timestamp': 2016-11-16 13:21:02

'Authorization': Svea TQ1Q0MzNDJERkQxRDRDRTgxQzM2NjNGRjAwMTg3RTE3M0NDNg==

完整文档 Here.

这是我得到的代码:

import axios from "axios";
import CryptoJS from "crypto-js";

// Below function returns the date in the following format "#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#" in UTC time. 
//Code for customFormat is omitted but it returns a string in the expected for`enter code here`mat.
 
      function customDate() {
        let now = new Date();
        return now.customFormat("#YYYY#-#MM#-#DD# #hh#:#mm#:#ss#");
      }

      let timeStamp = customDate();
      let id = 123456; //Not the actual id, but same format (6 digits).
      let secret = "AaBb123C345De"; //Not the actual secret. Actual secret is a long string of digits and letters
      let body = "";

      let hashString = CryptoJS.SHA512(
        `${body}${secret}${timeStamp}`
      ).toString();

      hashString = hashString.replace(/\-/, "");

      console.log(timeStamp);

      axios
        .get(
          "https://paymentadminapi.svea.com/api/v1/orders/123",
          {
            headers: {
              "Timestamp": timeStamp,
              "Authorization": "Svea " + btoa(`${id}:${hashString}`),
            },
          }
        )
        .then((res) => {
          console.log(res.data);
        })
        .catch((error) => {
          console.error(error);
        });

这本应该获得某个订单号(在此示例代码中为 123),但它不起作用(响应 403),所以任何人都可以告诉我我做错了什么吗?谢谢!

我明白了。简单的人为错误。 customDate return 今天的日期采用这种格式,2021-05-25 08:20:02 但这是预期的格式,2021-5-25 8:20:2。小于10时为个位数

我用这个替换了 customDate 函数:

      const now = new Date();
      const year = now.getUTCFullYear();
      const month = now.getUTCMonth() +1; // January = 0
      const day = now.getUTCDate();
      const hour = now.getUTCHours();
      const minute = now.getUTCMinutes();
      const sec = now.getUTCSeconds();

      const timeStamp = `${year}-${month}-${day} ${hour}:${minute}:${sec}`;

现在可以了。也许有更好的方法来获取特定 UTC 格式的日期,但这对我有用。