Tuesday, June 22, 2010

For Developers - Login to Yahoo Messenger - Step 2

Generating the Signature

The most complex parameter is the signature sig. The signature verifies that the request came from your application and helps prevent replay attacks.

Although constructing the signature might seem daunting, all the components are easy to obtain. The basic algorithm for generating the signature and the URL is:

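$appid = "i%3DB%26p%3DUw70JGIdHWVRbpqYItcMw--"; // already URL-encoded
$token = "AKEaFUMk4BdbBcgMARGMFIjSrUWESUw70JGIdHWVRbpqYItcMw--";
$ts = time(); // current Unix timestamp
$secret = "a34f389cbd135de4618eed5e23409d34450"; // shared secret; never sent in the request
// Hash the path and query string with the shared secret appended directly.
// Each string must stay on one line: a line break inside the quotes would become part of the hashed data.
$sig = md5("/WSLogin/V1/wspwtoken_login?appid=$appid&token=$token&ts=$ts" . $secret);
$url = "https://api.login.yahoo.com/WSLogin/V1/wspwtoken_login?appid=$appid&token=$token&ts=$ts&sig=$sig";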

Note that the shared secret is used to hash the URL and create the sig parameter, but it is not a query parameter itself. When hashing the URL, you append the shared secret without any sort of &secret=.
For a more general approach to signing URLs, refer to the example PHP function described under Constructing the Login URL.
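
The following is an added example, not code from the original post or from Yahoo: it wraps the signing step above in a function and pairs it with a hypothetical verifier, to show how the signature and the ts parameter together let a receiver reject tampered or replayed requests. The names sign_path and verify_request, the 600-second freshness window, and all credential values are assumptions made for illustration.

```php
<?php
// Added example. All credential values below are constructed placeholders.

const MAX_SKEW = 600; // assumed freshness window in seconds (hypothetical)

// Build "path?query" and append the shared secret before hashing,
// as in the snippet above (no "&secret=" separator).
// Parameter order matters: signer and verifier must use the same order.
function sign_path(string $path, array $params, string $secret): string
{
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = $k . '=' . $v; // values must already be URL-encoded
    }
    return md5($path . '?' . implode('&', $pairs) . $secret);
}

// Hypothetical verifier: recompute the signature, compare it in constant
// time, then reject timestamps outside the freshness window.
function verify_request(string $path, array $params, string $sig, string $secret, int $now): bool
{
    if (!isset($params['ts']) || !ctype_digit((string) $params['ts'])) {
        return false; // missing or malformed timestamp
    }
    if (!hash_equals(sign_path($path, $params, $secret), $sig)) {
        return false; // parameters changed after signing, or wrong secret
    }
    return abs($now - (int) $params['ts']) <= MAX_SKEW; // stale timestamp means replay
}

$path   = '/WSLogin/V1/wspwtoken_login';
$secret = 'constructed-shared-secret';
$params = ['appid' => 'constructed%2Dappid', 'token' => 'constructed-token', 'ts' => time()];
$sig    = sign_path($path, $params, $secret);

// Case 1: fresh, untouched request.
var_dump(verify_request($path, $params, $sig, $secret, time()));
// Case 2: the same request presented an hour later.
var_dump(verify_request($path, $params, $sig, $secret, time() + 3600));
// Case 3: a parameter altered after the signature was computed.
$params['token'] = 'other-token';
var_dump(verify_request($path, $params, $sig, $secret, time()));
```

The example keeps the page's MD5-with-appended-secret construction so both sides match. A new design would use an HMAC instead, for example PHP's hash_hmac with SHA-256.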
