Mobile Platform as a Service: Key management

Last Updated: Sep 18, 2023

To enhance interaction security between MPS and your business system, MPS will sign and verify all data passed through APIs. In addition, MPS provides a key management page, on which you can perform key configuration.

  • Configure push API

    MPS provides RESTful APIs. To ensure data security, MPS will verify the caller's identity. Therefore, before calling an API, you must use the RSA algorithm to sign the request and configure a key for identity verification in the Push API configuration area on the Key management page of the MPS console.

  • Configure callback API

    To receive a receipt of the message sending result, configure the URL of the target RESTful callback API in the Callback API configuration area on the Key management page of the MPS console, and obtain the public key. MPS signs the request parameters when it calls a callback API, and you use the public key to verify the request signature.

Configure push API

Prerequisites

Before you configure the push API, make sure that you have used the RSA algorithm to generate a 2048-bit public key.

  • Generate the RSA public key as follows:

    1. Download and install the OpenSSL tool (version 1.1.1 or above) from the official OpenSSL website.

    2. Open the OpenSSL tool and run the following command to generate a 2048-bit RSA private key.

      openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

    3. Generate an RSA public key based on the RSA private key.

      openssl rsa -pubout -in private_key.pem -out public_key.pem

  • The signing rules are as follows:

    • Use the SHA-256 signature algorithm.

    • Convert the signature to a base64 string.

    • Replace the plus sign (+) and forward slash (/) in the base64 string with a minus sign (-) to get the final signature.

Procedure

Complete the following steps to configure the push API:

  1. Log in to the mPaaS console, select the target app, and go to the Message Push Service > Settings page.

  2. On the right side of the page, click the Key management tab to enter the key management page.

  3. Click Configure in the upper right corner of the Push API configuration area.

    | Field | Required | Description |
    | --- | --- | --- |
    | Status | Yes | Specifies whether to enable the push API. When it is on, the API provided by MPS can be called. When it is off, the API cannot be called. |
    | Encryption method | No | Only the RSA algorithm is available. |
    | RSA public key | No | Enter a 2048-bit public key. After you use a private key to sign request parameters, MPS uses the public key to verify the signature and confirm the caller's identity. |

    Important

    Ensure that the public key is set correctly and does not contain spaces. Otherwise, the API call will fail. For more information about API calls, see API reference.

  4. Click OK to save the settings.

Configure callback API

Log in to the mPaaS console, select the target app, and perform the following steps to configure the callback API:

  1. On the Key management page, click Configure in the upper right corner of the Callback API configuration area.

    | Field | Required | Description |
    | --- | --- | --- |
    | Status | Yes | Specifies whether to enable the callback API. MPS sends a receipt to your server according to the configuration only after the API is enabled. |
    | Callback API URL | Yes | Enter the URL of the callback API. The URL must be an HTTP request URL that is reachable from the public network. MPS uses the private key to sign the POST request body and passes the signature as the sign parameter. |
    | Encryption method | No | MPS uses the RSA algorithm to sign the POST request body. |
    | RSA public key | No | The system sets this parameter automatically and you cannot modify it. After obtaining the POST request body and the sign parameter, your server must use the public key to verify that the request was sent by MPS and has not been tampered with in transit. For more information about signature verification, see API reference > HTTP call. |

  2. Click OK to save the settings.

    Note

    The time when MPS executes a callback varies with the push channel.

    • Vendor channels (FCM/APNs/Xiaomi/Huawei/OPPO/vivo): A callback is executed when the third-party service is called successfully.

    • MPS self-built channel: A callback is executed when a message is pushed successfully.

Code sample

/**
 * Alipay.com Inc. Copyright (c) 2004-2020 All Rights Reserved.
 */
package com.callback.demo.callbackdemo;

import com.callback.demo.callbackdemo.util.SignUtil;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

/**
 *
 * @author yqj
 * @version $Id: PushCallbackController.java, v 0.1 2020.03.22 11:20 AM yqj Exp $
 */
@Controller
public class PushCallbackController {

    /**
     * Copy the RSA public key configured for the callback API on the message push console.
     */
    private static final String pubKey = "";


    @RequestMapping(value = "/push/callback", method = RequestMethod.POST)
    public void callback(@RequestBody String callbackJson, @RequestParam String sign) {
        System.out.println(sign);
        // Signature verification.
        // The sign parameter arrives with '-' and '_' in place of '+' and '/';
        // restore the standard Base64 alphabet before checking it.
        sign = sign.replace('-', '+');
        sign = sign.replace('_', '/');
        // Verify the signature over the raw request body with the MPS public key.
        if (!SignUtil.check(callbackJson, sign, pubKey, "UTF-8")) {
            System.out.println("Signature verification failed");
            return;
        }
        System.out.println("Signature verification succeeded");
        // JSON message body
        System.out.println(callbackJson);
    }

}

callbackJson specifies the JSON request body. An example is as follows:

{
    "extInfo":{
        "adToken":"da64bc9d7d448684ebaeecfec473f612c57579008343a88d4dbdd145dad20e84",
        "osType":"ios"
    },
    "msgId":"console_1584853300103",
    "pushSuccess":true,
    "statusCode":"2",
    "statusDesc":"Acked",
    "targetId":"da64bc9d7d448684ebaeecfec473f612c57579008343a88d4dbdd145dad20e84"
}

The following table describes each field in callbackJson. You can click here to download the callback code sample.

| Field | Description |
| --- | --- |
| msgId | The ID of the service message to be pushed. |
| pushSuccess | Indicates whether the message is pushed successfully. |
| statusCode | The message status code. |
| statusDesc | The description of the message status code. |
| targetId | The target ID. |
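
The signing steps and the callback check described above can be exercised end to end with OpenSSL. The script below is an added example, not part of the original page or of the mPaaS sample code. The throwaway key pair (standing in for the MPS callback key), the shortened JSON body and the function names are constructed for the demo; the '+' to '-' and '/' to '_' mapping is taken as the inverse of the two replace() calls in the Java sample, and PKCS#1 v1.5 padding (the default of openssl dgst -sign) is an assumption.

```shell
#!/usr/bin/env bash
# Added example: sign and verify an MPS-style callback body with OpenSSL.
set -eu

# Wire format: standard Base64 with '+' -> '-' and '/' -> '_'
# (assumed to be the inverse of the replace() calls in the Java sample).
to_wire()   { tr '+/' '-_'; }
from_wire() { tr '_-' '/+'; }

# sign_body <private_key.pem> <body>: print the wire-format SHA-256/RSA signature.
sign_body() {
    printf '%s' "$2" | openssl dgst -sha256 -sign "$1" | openssl base64 -A | to_wire
}

# verify_body <public_key.pem> <body> <wire_signature>: exit status 0 only if valid.
verify_body() (
    sigfile=$(mktemp) || exit 1
    rc=0
    # Restore standard Base64, decode to raw bytes, then check against the body.
    printf '%s' "$3" | from_wire | openssl base64 -d -A > "$sigfile" 2>/dev/null &&
        printf '%s' "$2" | openssl dgst -sha256 -verify "$1" -signature "$sigfile" \
            >/dev/null 2>&1 || rc=1
    rm -f "$sigfile"
    exit "$rc"
)

# Constructed demo data: a throwaway key pair stands in for the MPS callback key.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
openssl genpkey -algorithm RSA -out "$workdir/private_key.pem" \
    -pkeyopt rsa_keygen_bits:2048 2>/dev/null
openssl rsa -pubout -in "$workdir/private_key.pem" -out "$workdir/public_key.pem" 2>/dev/null

body='{"msgId":"console_1584853300103","pushSuccess":true,"statusCode":"2"}'
sig=$(sign_body "$workdir/private_key.pem" "$body")

if verify_body "$workdir/public_key.pem" "$body" "$sig"; then
    echo "original body: signature valid"
fi
# Any change to the body must make verification fail.
tampered=$(printf '%s' "$body" | sed 's/"pushSuccess":true/"pushSuccess":false/')
if ! verify_body "$workdir/public_key.pem" "$tampered" "$sig"; then
    echo "tampered body: signature rejected"
fi
```

The signature covers the exact bytes of the request body, so verify the raw body as received, before any JSON parsing or re-serialization.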