To publish a third-party software as a service (SaaS) product in Alibaba Cloud Marketplace, an independent software vendor (ISV) must define relevant SPI operations. By providing these operations, the ISV can obtain purchase information and activate the SaaS product for customers. Security verification is required for each SPI call. This topic describes the security scheme for SPI operations.
This security scheme is applicable to all SaaS products that are produced in SPI mode.
Security verification is required for each SPI call. A token is provided in each call. An ISV must verify the token after receiving it.
To generate a token, obtain all parameters except the token parameter from the HTTP GET request, arrange the parameters in alphabetical order to obtain a string, suffix the string with the security key of the ISV, and then encrypt the final string in MD5.