[Important] Notice of API (Push Notification Function) Specification Changes

Notice

Thank you for using learningBOX.

learningBOX will change the API specifications starting with the release of Ver. 2.19.
This announcement is for customers who use API collaboration.

API Changes

Before change

After change

Depending on the implementation method, communication may fail

If the parameters are hard-coded, a notification may be judged to be invalid.

How to check the validity of PUSH notifications

No. 1: Retrieve the contents of the notification.
No. 2: Remove the parameter "hash" from the received content and save it temporarily.
No. 3: Append "secret" to the end without changing the order of the parameters in the received content.
No. 4: Concatenate the parameter values of the received content with "|" and compute the hash value using sha256.
No. 5: Check that the computed hash matches the hash obtained from the received content.

Sample code for PUSH notification validity check

/**
* PUSH notification validity check
* Example of notification content
* ----------------
* {
* 'param1': 'aaa',
* 'param2': 'bbb',
* 'param3': 'ccc',
* 'hash': 'ae12de'
* }
* ----------------
* Note: Parameters other than hash may be reordered, added, or removed.
*/

Example of normal operation

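$payload = file_get_contents('php://input'); // Get the notification contents
$payload = json_decode($payload, true); // Decode the notification contents into an array
if (!is_array($payload) || !isset($payload['hash']) || !is_string($payload['hash'])) {
    http_response_code(400); // Malformed notification: treat it as failed authentication
    exit;
}
$hash = $payload['hash']; // Get the hash value for verification
unset($payload['hash']); // Remove the hash value from the sent content
$values = array_values($payload); // Parameter values, in the order they were sent
$values[] = 'tatsuno123'; // Append the recipient's secret key last; as a value, it cannot be replaced by a "secret" parameter in the notification
if (hash_equals(hash('sha256', implode('|', $values)), $hash)) { // Constant-time comparison
    // Transmission content authentication succeeded
} else {
    // Transmission content authentication failed
}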

Examples of defects

$payload = file_get_contents('php://input'); // Get the notification contents
$payload = json_decode($payload, true); // Decode the notification contents into an array
$hash = $payload['hash']; // Get the hash value for verification
$param1 = $payload['param1']; // Get parameter 1 for verification
$param2 = $payload['param2']; // Get parameter 2 for verification
$param3 = $payload['param3']; // Get parameter 3 for verification
$secret = 'tatsuno123'; // Secret key of the recipient
if($hash === hash('sha256', $param1 . '|' . $param2 . '|' . $param3 . '|' . $secret)) {
    // Transmission content authentication succeeded
    // If the notification parameters change, authentication may no longer pass.
} else {
    // Transmission content authentication failed
}
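
The two checks above, run side by side on constructed notifications. This is an added example, not learningBOX code: it contrasts the order-preserving check with the hard-coded one when a parameter is added and reordered, and when a value is changed after signing. The sender-side sign() is an assumption inferred from the check steps, and SECRET, the function names and the sample parameters are constructed for illustration.

```php
<?php
// Added example; not learningBOX code. All names and values are constructed.
const SECRET = 'example-secret'; // placeholder for the receiver's secret key

// Sender side (assumption, inferred from the check steps): values in order, secret last.
function sign(array $params, string $secret): array
{
    $values = array_values($params);
    $values[] = $secret;
    $params['hash'] = hash('sha256', implode('|', $values));
    return $params;
}

// Receiver side: hash whatever parameters arrived, in the order they arrived.
function verify(string $json, string $secret): bool
{
    $payload = json_decode($json, true);
    if (!is_array($payload) || !isset($payload['hash']) || !is_string($payload['hash'])) {
        return false; // not a JSON object, or no usable hash
    }
    $hash = $payload['hash'];
    unset($payload['hash']);
    if (count(array_filter($payload, 'is_array')) > 0) {
        return false; // nested values cannot be joined with "|"
    }
    $values = array_values($payload);
    $values[] = $secret; // appended as a value, so a "secret" parameter in the input cannot replace it
    return hash_equals(hash('sha256', implode('|', $values)), $hash);
}

// Hard-coded check from "Examples of defects", for comparison.
function verifyHardCoded(string $json, string $secret): bool
{
    $p = json_decode($json, true);
    $expected = hash('sha256', $p['param1'] . '|' . $p['param2'] . '|' . $p['param3'] . '|' . $secret);
    return hash_equals($expected, $p['hash']);
}

$base = ['param1' => 'aaa', 'param2' => 'bbb', 'param3' => 'ccc'];
$altered = sign($base, SECRET);
$altered['param2'] = 'bbX'; // value changed after signing
$cases = [
    'unchanged notification'        => json_encode(sign($base, SECRET)),
    'parameter added and reordered' => json_encode(sign(['param3' => 'ccc', 'param4' => 'ddd'] + $base, SECRET)),
    'value changed after signing'   => json_encode($altered),
];
foreach ($cases as $label => $json) {
    printf("%-30s order-preserving=%s hard-coded=%s\n", $label, var_export(verify($json, SECRET), true), var_export(verifyHardCoded($json, SECRET), true));
}
```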

We apologize for any inconvenience this may cause and appreciate your understanding and cooperation.
