CloudHub Docs
Download Documents


Token Generation Document

The token is generated by the combination of app_id, secretkey, channel_id, user_id, and timestamp

1. Splicing request parameters

app_id、secretkey 、channel_id、user_id、timestamp Perform stitching to generate BodyStr,Splicing rules:“app_id”+app_id+“channel_id”+channel+“timestamp”+timestamp+“user_id”+user_id

For example: app_id is ABC、secretkey is DEF、channel_id is 123456、user_id is tempuid、timestamp is 1594194452,The result is: app_idABCchannel_id123456timestamp1594194452user_idtempuid

app_idYour corporate account’s AppID。
secretkeyThe secretkey configured for your enterprise account, you can modify this configuration.
channel_idA string identifying the channel to be called, with the following range of supported character sets.
26 lowercase letters a-z
26 capital letters A-Z
10 numbers 0-9
Special characters:-_
user_idSpecify the ID of the user。
Note:: ASCII characters,Uniqueness needs to be guaranteed.
timestamptoken Valid Time Stamp,The format is the number of seconds elapsed since 0000 hours on January 1, 1970。For example, if you set the timestamp to the current timestamp plus 600 seconds, the token will expire 10 minutes after it is generated.

2. Encrypted Strings

Generate an irreversible encrypted token string secToken, with the following generation rules:

md5(md5(app_id+BodyStr) + md5(secretkey));

3. Add timestamps and combine

Put the secToken and timestamp generated in step 2 into the following map.

   "token": "<SecToken in step 2>",
   "timestamp": "<must be the same as the timestamp used in step 1>"

4. base64 encryption

Serialize the map in step 3 to a json string, then base64 process it.

5. Add a random string

The final token is obtained by stitching the result obtained in step 4 with a 16-bit random string as a mask, i.e., the result obtained in step 4 + “1234567890123456”.

Examples by language

Example of github token generation code by language:

Note: This token is generated by the user’s server side and cannot be placed directly on the client side, otherwise it affects security.