API Authentication
(1) How it works
The e签宝 (eSign) API service uses OAuth 2.0 client authentication: before calling any API, the client must first obtain an access_token and then carry that access_token when calling the specific business API. When an application only needs to access its own resources, the client_credentials grant alone is sufficient; when access spans applications, the Authorization Code grant must be used. For the full authentication model see https://tools.ietf.org/html/rfc6749
(2) Obtaining an access_token
A request for an access_token carries the appid and the app_secret. Request example:
GET https://openapi.esign.cn/v1/oauth2/access_token?appId=11&secret=4a563e406fc6356ed44924aa69191b8c&grantType=client_credentials
Response example:
{
    "success": true,
    "message": "执行成功",
    "data": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJnSWQiOiI5MGYwMDcxOGYzYWY0YTJiYWY4NzllOTY3YzNkODA3NSIsImFwcElkIjoiMzQzODc1NzAxNyIsImNhbGxzY29wZSI6W10sInRpbWVzdGFtcCI6MTU0NTEyMzgyNzI5NH0.2ZtkKdEt8catRbtgBgSG9ckndDQuoXMxtw7PjUlTrkY",
        "expiresIn": 1545123827385,
        "refreshToken": "sgDVhrZfHd3zB953C58jRg=="
    }
}
(3) Refreshing the access_token
An access_token can be refreshed with the refresh_token. Request example:
GET https://openapi.esign.cn/v1/oauth2/refresh_token?appId=3438757017&grantType=refresh_token&refreshToken=sgDVhrZfHd3zB953C58jRg==
Response example:
{
    "success": true,
    "message": "执行成功",
    "data": {
        "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJnSWQiOiI5MGYwMDcxOGYzYWY0YTJiYWY4NzllOTY3YzNkODA3NSIsImFwcElkIjoiMzQzODc1NzAxNyIsImNhbGxzY29wZSI6W10sInRpbWVzdGFtcCI6MTU0NTEyMzgyNzI5NH0.2ZtkKdEt8catRbtgBgSG9ckndDQuoXMxtw7PjUlTrkY",
        "expiresIn": 1545123827385,
        "refreshToken": "sgDVhrZfHd3zB953C58jRg=="
    }
}
(4) Calling business APIs
Business API calls uniformly pass the appid and access_token in custom HTTP headers:
GET /v1/xxx HTTP/1.1
Host: openapi.esign.cn
X-Tsign-Open-App-Id: appid
X-Tsign-Open-Token: access_token
Accept: */*
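Steps (2) to (4) put together as a small token-caching client, added here as an example; it is not part of the original documentation or of eSign's SDK. The endpoints, query parameters, header names and the canned response are taken from the page; the class and function names are this example's own, the HTTP transport is injected so the code runs offline against the canned response, and the reading of expiresIn as an absolute epoch-millisecond deadline (which fits the sample value's magnitude) is an assumption of this example.

```python
import base64
import json

ESIGN_BASE = "https://openapi.esign.cn"  # host from the page
# Canned response copied from the page; served by the offline fake transport in demo().
CANNED = {"success": True, "message": "执行成功", "data": {"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJnSWQiOiI5MGYwMDcxOGYzYWY0YTJiYWY4NzllOTY3YzNkODA3NSIsImFwcElkIjoiMzQzODc1NzAxNyIsImNhbGxzY29wZSI6W10sInRpbWVzdGFtcCI6MTU0NTEyMzgyNzI5NH0.2ZtkKdEt8catRbtgBgSG9ckndDQuoXMxtw7PjUlTrkY",
          "expiresIn": 1545123827385, "refreshToken": "sgDVhrZfHd3zB953C58jRg=="}}

class EsignAuth:
    """Obtains, caches and refreshes an access_token; transport(url, params) does the GET and returns the JSON envelope."""
    def __init__(self, app_id, secret, transport, now_ms):
        self.app_id, self.secret, self.transport, self.now_ms = app_id, secret, transport, now_ms
        self.token, self.refresh_token, self.expires_at_ms = None, None, 0  # assumption: expiresIn is an epoch-ms deadline

    def _call(self, path, params):
        body = self.transport(ESIGN_BASE + path, params)
        if not body.get("success"):  # the envelope signals failure with success=false
            raise RuntimeError(f"eSign auth failed: {body.get('message')}")
        data = body["data"]
        self.token, self.refresh_token = data["token"], data["refreshToken"]
        self.expires_at_ms = int(data["expiresIn"])

    def access_token(self, margin_ms=60_000):
        if self.token is None:  # (2) client_credentials grant; the secret rides in the query string, so scrub URLs from logs
            self._call("/v1/oauth2/access_token",
                       {"appId": self.app_id, "secret": self.secret, "grantType": "client_credentials"})
        elif self.now_ms() >= self.expires_at_ms - margin_ms:  # (3) refresh shortly before expiry
            self._call("/v1/oauth2/refresh_token",
                       {"appId": self.app_id, "grantType": "refresh_token", "refreshToken": self.refresh_token})
        return self.token

    def headers(self):  # (4) business APIs carry appid and token in custom headers, not in the query string
        return {"X-Tsign-Open-App-Id": self.app_id, "X-Tsign-Open-Token": self.access_token(), "Accept": "*/*"}

def jwt_claims(token):
    """Decode the JWT payload for inspection only: it is HS256-signed with the server's key, so the client cannot verify it."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def demo():
    """Run the flow against a fake transport; returns the (path, grantType) pairs requested, in order."""
    calls, clock = [], [1545123000000]  # constructed clock value, well before the canned deadline
    def fake_transport(url, params):
        calls.append((url[len(ESIGN_BASE):], params["grantType"]))
        return CANNED
    auth = EsignAuth("3438757017", "<app secret placeholder>", fake_transport, lambda: clock[0])
    auth.headers()  # first use fetches a token
    auth.headers()  # still valid: served from cache, no request
    clock[0] = 1545123827385  # at the deadline: the next use refreshes
    auth.headers()
    return calls
```

Decoding the sample token's payload shows the appId, an empty callscope and an issue timestamp, but since the signature is HS256 under a key only the server holds, a client can inspect those claims and nothing more.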