Second test丨REST API: mobile phone number replacement interface

Function Description

• Submit the token, opToken and other data obtained by the client, and return the mobile phone number after verification

calling address

• POST link

request header

• Content-Type ：application/json
• appkey：xxxxxxxxxx

Entry description

field	type	illustrate	must pass
appkey	String	app logo	Y
token	String	client token	Y
opToken	String	The operator token returned by the client	Y
operator	String	The operator returned by the client, CMCC: China Mobile Communications, CUCC: China Unicom, CTCC: China Telecom	Y
sign	String	Signature (MD5 (all parameters use the positive sequence of the key, composed of a=b&b=c+appSecret))	Y
timestamp	long	current timestamp (milliseconds)	Y
md5	String	APK's md5 signature, for example: e4caa1a08ba0570b5c1290b1a0bc9252	N

Encryption example

• parameter

"appkey" -> "2f2d7j9wf8a40"
"opToken" -> "f630dwff2f8f209c60a6449cf971ad50b3e83f4620a1536252457229836325"
"operator" -> "CUCC"
"token" -> "0:AAAAhAAAAIAIFOEDCVObiS1Pdyogg4JQw5Su4ce9rl/QVDaqKlcGDCzBssmrB3dYL3HcnNG9Gj7IzhiB/cRJF221cELTGHRiFGAjpGpjipkw/EbnoFuxjp3TPAhvprf/vqWm9dmUQCJ7P/+twKy5o5Y9XBBpD+W/jVPX/WbIQofYg3YGwAAAPDTY7g1X3rL326Dnlsifj/UDjoZ0Ftdh8qWG+ofn0P41bbO6q88id06vkU2x2eUEOb1RggqYt+BLHyG3PoLIC0AMGoUcTVyCcGYq15j+ZS23qiA2SLRYgwvvhD3N+HKTSWEPmYQDUKls5fckyQGW6x6yGB71NDUqwntBdQxwmT6W5NG379KyvPwRkZSN4cyJ29HugMMTx/0F9nF6YVgEogEHOms515lQ7f3TJqTidsVdIehQcDb2FdXnCJUjnOJTK4RWRHp9IvTxwXgmsT7WzkwWuSe/12sEx8Zdk2U66//nqgJ5c1FDbuHsqGlKA8fYyo="
"timestamp" -> 1655190952281
"appSecret" -> "9abee316611wd9ff607feb9f2c496338"

• Sort results

appkey=2f2d7j9wf8a40&opToken=f630dwff2f8f209c60a6449cf971ad50b3e83f4620a1536252457229836325&operator=CUCC&timestamp=1655190952281&token=0:AAAAhAAAAIAIFOEDCVObiS1Pdyogg4JQw5Su4ce9rl/QVDaqKlcGDCzBssmrB3dYL3HcnNG9Gj7IzhiB/cRJF221cELTGHRiFGAjpGpjipkw/EbnoFuxjp3TPAhvprf/vqWm9dmUQCJ7P/+twKy5o5Y9XBBpD+W/jVPX/WbIQofYg3YGwAAAPDTY7g1X3rL326Dnlsifj/UDjoZ0Ftdh8qWG+ofn0P41bbO6q88id06vkU2x2eUEOb1RggqYt+BLHyG3PoLIC0AMGoUcTVyCcGYq15j+ZS23qiA2SLRYgwvvhD3N+HKTSWEPmYQDUKls5fckyQGW6x6yGB71NDUqwntBdQxwmT6W5NG379KyvPwRkZSN4cyJ29HugMMTx/0F9nF6YVgEogEHOms515lQ7f3TJqTidsVdIehQcDb2FdXnCJUjnOJTK4RWRHp9IvTxwXgmsT7WzkwWuSe/12sEx8Zdk2U66//nqgJ5c1FDbuHsqGlKA8fYyo=

• Stitching appSecret

appkey=2f2d7j9wf8a40&opToken=f630dwff2f8f209c60a6449cf971ad50b3e83f4620a1536252457229836325&operator=CUCC×tamp=1655190952281&token=0:AAAAhAAAAIAIFOEDCVObiS1Pdyogg4JQw5Su4ce9rl/QVDaqKlcGDCzBssmrB3dYL3HcnNG9Gj7IzhiB/cRJF221cELTGHRiFGAjpGpjipkw/EbnoFuxjp3TPAhvprf/vqWm9dmUQCJ7P/+twKy5o5Y9XBBpD+W/jVPX/WbIQofYg3YGwAAAPDTY7g1X3rL326Dnlsifj/UDjoZ0Ftdh8qWG+ofn0P41bbO6q88id06vkU2x2eUEOb1RggqYt+BLHyG3PoLIC0AMGoUcTVyCcGYq15j+ZS23qiA2SLRYgwvvhD3N+HKTSWEPmYQDUKls5fckyQGW6x6yGB71NDUqwntBdQxwmT6W5NG379KyvPwRkZSN4cyJ29HugMMTx/0F9nF6YVgEogEHOms515lQ7f3TJqTidsVdIehQcDb2FdXnCJUjnOJTK4RWRHp9IvTxwXgmsT7WzkwWuSe/12sEx8Zdk2U66//nqgJ5c1FDbuHsqGlKA8fYyo=9abee316611wd9ff607feb9f2c496338

• Calculate MD5 result

sign -> 3f1991b27b1c86a32e661eabdd3d1f5a

request example

curl --location --request POST 'http://identify.verify.mob.com/auth/auth/sdkClientFreeLogin' \
--header 'Content-Type: application/json' \
--data-raw '{"token":"0:AAAAhAAAAIAIJn3PvTUUJ94umGqPmZCFtprF5Pg7uCxb+Opp+JtZrHIX3yxVOGEHJQLHuRLU1hlTbYyxCMfW53fuck6OL1X+01qdf+NpTVj1ApmQzapKWFB3DEPNNdyad8HwxZY/ZGWcch0Njy+Pb0TgqMwAytBWKu5vlvN9LRoWw/6F3K4BGgAAAPDHlbG1uFKewi7J1g3d6tAor/kIHG0A8csscrESYVfmVYzB6RBfQWfwDpZIYLrXOuSFdWP3bqKbEyIiqvSeY3ktxSus2lUdD6MzwYo1aXJ6oALEW/A07Qx5/3S6ClSmtGrHuzDnC6JCsmHEQWR7S2wNLSojS95Zd91AC2gpqV5tmKEaVGDc827JVEHXFX6Zr5d0pNmBHLS0b67BrNfG4v0qSgcf/OL3a1xOQVieqUDbrAPiNF7Q2wifCbj0FQyIt5+LPpOkqKDbYff21WinJMTOuOMoJcqOhrI1gUEmnHE/ZU8ZZXN52Kffd+Pk7aR7MMU=","opToken":"a53c2dc92083cb1375218a0f1dd35e0050bb26e40ba0a1536204920384995379", "appkey": "2f2d7a68f8a40", "operator": "CUCC",  "sign": "576ec00ac6ad80a2d0a92872d748e82b", "timestamp": 1655094782181}'

example response

• successful request

{
    "error": null,
    "res": "ZfukzNuB5oKbxBKxK9MoYFzr1IDZ0Z/i+xLYyq/JCAmi24DPYHdGeUqxE6OjQuP3VY1c76CyfoU=",
    "seqid": "456484936150429696",
    "status": 200
}

• Request failed

{
    "status": 4119342,
    "res": null,
    "error": "签名错误",
    "seqid": "null"
}

• response parameter

key	description
error	return code description
res	The encrypted JSON string contains the returned mobile phone number and needs to be decrypted by DES
seguid	The serial number, it may be empty when the request fails
status	return code

data decryption

The res data in the returned body needs to be decrypted with appSecet

decryption method

DES/CBC/PKCS5Padding

offset 00000000

Use base64 transcoding

field description

{   
    "isValid":1, 
    "phone": "13888888888"，
    "valid":"true"
}

field	type	must pass	illustrate
isValid	integer	Y	Verification status, 1: success, 2: failure
phone	string	Y	return phone number
valid	boolean	Y	Verification status true success false: failure

sample code

Java

import java.security.Key;
import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.IvParameterSpec;

public class DES {

    public static final String ALGORITHM = "DES";
    public static final String PADDING = "DES/CBC/PKCS5Padding";
    private static final byte[] DEFAULT_INITIALIZATION_VECTOR = ("00000000".getBytes());

    private String padding = PADDING;
    private AlgorithmParameterSpec paramSpec;

    public DES(String padding, byte[] initializationVectorBytes) {
        this.padding = padding;
        this.paramSpec = new IvParameterSpec(initializationVectorBytes);
    }

    public byte[] decodeBytes(byte[] data, byte[] key) throws Exception {
        Key secretKey = getKey(key);
        Cipher cipher = Cipher.getInstance(padding);
        cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec);
        return cipher.doFinal(data);

    }

    private static Key getKey(byte[] key) throws Exception {
        DESKeySpec dks = new DESKeySpec(key);
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
        SecretKey secretKey = keyFactory.generateSecret(dks);
        return secretKey;
    }

    public static byte[] decode(byte[] data, byte[] key) throws Exception {
        return decode(data, key, DEFAULT_INITIALIZATION_VECTOR);
    }

    public static byte[] decode(byte[] data, byte[] key, byte[] ivBytes) throws Exception {
        DES des = new DES(PADDING, ivBytes);
        return des.decodeBytes(data, key);
    }

}

import java.util.Base64;

public abstract class Base64Utils {

    public Base64Utils() {
    }

    public static byte[] decode(byte[] src) {
        return src.length == 0 ? src : Base64.getDecoder().decode(src);
    }

}

return code

error code	illustrate
5119104	Decryption failed
5119105	service error
4119301	Data verification failed
4119302	data does not exist
5119302	data does not exist
4119303	data already exists
5119303	data already exists
4119310	token not found
5119310	token not found
4119311	token is illegal
4119330	App is not initialized
4119331	AppSecret error
5119341	Insufficient balance
5119501	unknown carrier type
5119511	AppKey每分钟验证次数超过限制
5119513	未审核的包名每天验证数量超过限制
4119521	包名没有配置
5119531	AppKey在黑名单中
5119546	[免密登录][APP每分钟]超限
5119507	免密登录失败
5119509	免密获取TOKEN失败
4119342	签名错误
4119343	timestamp错误
5119601	未设置价格