Plaintext mode
In plain text mode, the way of verifing the server is very simple. After the configuration is complete, the AIOT server will send a GET request to the developer's server address (URL). The GET request will carry a parameter echostr, which is a random string. If the third-party server receives the request, return the contents of the echostr parameter as it is, verify that the server is successful, otherwise the authentication fails. The return message format is as follows:
{ "code": 0, "result": "echostr" } We provide demo and sdk, developers can download for reference.
Safe mode
In safe mode, server verifing becomes more complex that is similar to the WeChart public platform. When the configuration is complete, the AIOT server will send a GET request to the server. The GET request carries the parameters as follows:
- signature : signature, signature combined with the developer to fill in the token parameters and requests in the timestamp parameters, nonce parameters;
- timestamp : timestamp;
- nonce : random number;
- echostr : random string.
If you confirm that the GET request is from the LUMI server, please return "echostr" that is one parameter, and then verify the server successfully.
The verification process is as follows:
- Sort the three parameter token, timestamp and nonce in the dictionary order;
- Join the three parameter strings into a string by SHA1 encryption;
- Developers compare the above string with the signature, the request is from the LUMI server if same.