
Key management

Last Updated: Apr 01, 2021

To secure the interaction between MPS and your server, MPS signs and verifies all data passed through its APIs. MPS also provides a Key management page where you configure the keys.

  • Configure push API

    MPS provides RESTful APIs. To ensure data security, MPS will verify the caller’s identity. Therefore, before calling an API, you must use the RSA algorithm to sign the request and configure a key for identity verification in the API configuration area on the Key management page of the MPS console.

  • Configure callback API

    To receive a receipt of the message sending result, configure the URL of the target RESTful callback API in the Callback API configuration area on the Key management page of the MPS console, and obtain the public key. MPS signs the request parameters when it calls a callback API, and you use the public key to verify the request signature.

Configure push API

Prerequisites

Before configuring the push API, make sure that you have used the RSA algorithm to generate a 2048-bit public key.

  • Generate the RSA public key as follows:
    1. Download and install the OpenSSL tool (version 1.1.1 or above) from the OpenSSL official website.
    2. Open the OpenSSL tool and run the following command to generate a 2048-bit RSA private key:

           openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

    3. Generate an RSA public key based on the RSA private key:

           openssl rsa -pubout -in private_key.pem -out public_key.pem

  • The signing rules are as follows:
    • Use the SHA-256 signature algorithm.
    • Convert the signature to a base64 string.
    • Replace the plus sign (+) and forward slash (/) in the base64 string with a minus sign (-) to get the final signature.

Procedure

Log in to the mPaaS console, select the target app, and perform the following steps to configure the push API:

  1. On the left-side navigation pane, choose Message Push Service.
  2. Click the Key management tab.
  3. Click Configure in the upper right corner of the API configuration area.

    | Field | Required | Description |
    | --- | --- | --- |
    | Status | Yes | Specifies whether to enable the push API. When it is on, the API provided by MPS can be called. When it is off, the API cannot be called. |
    | Encryption method | No | Only the RSA algorithm is available. |
    | RSA public key | No | Enter a 2048-bit public key. After you use a private key to sign request parameters, MPS uses the public key to verify the signature and thus the caller’s identity. |

    Note: Ensure that the public key is set correctly and does not contain spaces. Otherwise, the API call will fail. For more information about API calls, see API reference.
  4. Click OK to save the settings.

Configure callback API

Log in to the mPaaS console, select the target app, and perform the following steps to configure the callback API:

  1. On the left-side navigation pane, choose Message Push Service.
  2. Click the Key management tab.
  3. Click Configure in the upper right corner of the Callback API configuration area. The configuration button is as shown in the following figure.
    [Figure: Configure button in the Callback API configuration area]

    | Field | Required | Description |
    | --- | --- | --- |
    | Status | Yes | Specifies whether to enable the callback API. MPS will send a receipt to your server according to the configuration only after the API is enabled. |
    | Callback interface URL | Yes | Enter the URL of the callback API. The URL must be an HTTP request URL that can be visited in the public network. MPS uses the private key to sign the POST request body and passes the signed content as the sign parameter. |
    | Encryption method | No | MPS uses the RSA algorithm to sign the POST request body. |
    | RSA public key | No | The system automatically sets this parameter and you cannot modify it. After obtaining the POST request body and the sign parameter, your server needs to use the public key to verify that the request is sent by MPS and has not been tampered with during data transmission. For more information about signature verification, see API reference > HTTP call. |
  4. Click OK to save the settings.

    Note:
    The time when MPS executes a callback varies with the push channel.
    • Third-party channel (FCM/APNs/Xiaomi/Huawei/OPPO/vivo): A callback is executed when the third-party service is called successfully.
    • MPS self-built channel: A callback is executed when a message is pushed successfully.

Code sample

    /**
     * Alipay.com Inc. Copyright (c) 2004-2020 All Rights Reserved.
     */
    package com.callback.demo.callbackdemo;

    import com.callback.demo.callbackdemo.util.SignUtil;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestBody;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;

    /**
     *
     * @author yqj
     * @version $Id: PushCallbackController.java, v 0.1 2020.03.22 11:20 AM yqj Exp $
     */
    @Controller
    public class PushCallbackController {

        /**
         * Copy the RSA public key configured for the callback API on the message push console.
         */
        private static final String pubKey = "";

        @RequestMapping(value = "/push/callback", method = RequestMethod.POST)
        public void callback(@RequestBody String callbackJson, @RequestParam String sign) {
            System.out.println(sign);
            // Signature verification: restore the standard base64 alphabet
            // ('-' back to '+', '_' back to '/') before checking the signature.
            sign = sign.replace('-', '+');
            sign = sign.replace('_', '/');
            if (!SignUtil.check(callbackJson, sign, pubKey, "UTF-8")) {
                System.out.println("Signature verification failed");
                return;
            }
            System.out.println("Signature verification succeeded");
            // JSON message body
            System.out.println(callbackJson);
        }
    }

callbackJson specifies the JSON request body. An example is as follows:

    {
        "extInfo": {
            "adToken": "da64bc9d7d448684ebaeecfec473f612c57579008343a88d4dbdd145dad20e84",
            "osType": "ios"
        },
        "msgId": "console_1584853300103",
        "pushSuccess": true,
        "statusCode": "2",
        "statusDesc": "Acked",
        "targetId": "da64bc9d7d448684ebaeecfec473f612c57579008343a88d4dbdd145dad20e84"
    }

The following table describes each field in callbackJson. You can click here to download the callback code sample.

| Field | Description |
| --- | --- |
| msgId | The ID of the service message to be pushed. |
| pushSuccess | Indicates whether the message is pushed successfully. |
| statusCode | The message status code. |
| statusDesc | The description of the message status code. |
| targetId | The target ID. |
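
The controller above delegates to SignUtil.check, which this page does not show. The following is an added example of what such a check has to do, not code from MPS or the demo project: it assumes the signature is SHA256withRSA over the UTF-8 bytes of the POST body and that the console key is base64-encoded X.509 DER. The class name, the throwaway key pair and the sample body are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class CallbackSignatureCheck {

    /** Returns true only if sign is a valid SHA256withRSA signature over body. */
    static boolean verify(String body, String sign, String publicKeyBase64) {
        try {
            // Assumption: the console key is base64 DER (X.509); drop stray whitespace.
            byte[] der = Base64.getDecoder().decode(publicKeyBase64.replaceAll("\\s", ""));
            PublicKey key = KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(der));
            // The URL-safe decoder maps '-' and '_' back to '+' and '/'.
            byte[] sig = Base64.getUrlDecoder().decode(sign);
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(key);
            // Verify the raw body exactly as received, before any JSON parsing.
            verifier.update(body.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(sig);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed key or signature: fail closed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the MPS key pair, so the example runs offline.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String pubKey = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());

        // Constructed callback body, signed the way this example assumes MPS signs it.
        String body = "{\"msgId\":\"console_1584853300103\",\"pushSuccess\":true}";
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(body.getBytes(StandardCharsets.UTF_8));
        String sign = Base64.getUrlEncoder().encodeToString(signer.sign());

        System.out.println(verify(body, sign, pubKey));                          // genuine body
        System.out.println(verify(body.replace("true", "false"), sign, pubKey)); // tampered body
        System.out.println(verify(body, "not-a-signature", pubKey));             // malformed sign
    }
}
```

A handler built on this check should act on the callback only when verify returns true, and should pass in the request body bytes as received rather than a re-serialized copy of the parsed JSON.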