May 19, 2021 WeChat Mini Program Development Document
To ensure the integrity of user data returned by its open interfaces, WeChat signs the plaintext data. Developers can verify this signature on their own server, as their business requires, to confirm that the data packet has not been altered.
For example, the data check for wx.getUserInfo:
The rawData returned by the interface:
```json
{
"nickName": "Band",
"gender": 1,
"language": "zh_CN",
"city": "Guangzhou",
"province": "Guangdong",
"country": "CN",
"avatarUrl": "http://wx.qlogo.cn/mmopen/vi_32/1vZvI39NWFQ9XM4LtQpFrQJ1xlgZxx3w7bQxKARol6503Iuswjjn6nIGBiaycAjAtpujxyzYsrztuuICqIM5ibXQ/0"
}
```
The user's session_key:
```
HyVFkGl5F5OQWJZZaNzBBg==
```
Therefore, the string to be signed is rawData followed by session_key:
```
{"nickName":"Band","gender":1,"language":"zh_CN","city":"Guangzhou","province":"Guangdong","country":"CN","avatarUrl":"http://wx.qlogo.cn/mmopen/vi_32/1vZvI39NWFQ9XM4LtQpFrQJ1xlgZxx3w7bQxKARol6503Iuswjjn6nIGBiaycAjAtpujxyzYsrztuuICqIM5ibXQ/0"}HyVFkGl5F5OQWJZZaNzBBg==
```
The sha1 result of that string is:
```
75e81ceda165f4ffa64f4068af58c64b8f54b88c
```
If the interface involves sensitive data (such as openId and unionId in wx.getUserInfo), the plaintext returned by the interface will not contain it. Developers who need the sensitive data must symmetrically decrypt the encrypted data (encryptedData) returned by the interface.
The decryption algorithm is as follows:
WeChat officially provides sample code in multiple programming languages (click to download). The interface names are the same in every language; refer to the samples for how to call them.
In addition, so that the validity of the data can be verified, WeChat adds a data watermark (watermark) to the sensitive data.
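The check described above, written out as a server-side verification routine. This is an added example, not code from the WeChat documentation; it uses the rawData, session_key and signature values quoted on this page and assumes the session_key is looked up in the server's own session store rather than accepted from the client.

```python
import hashlib
import hmac

# Values taken from the page's worked example.
RAW_DATA = (
    '{"nickName":"Band","gender":1,"language":"zh_CN","city":"Guangzhou",'
    '"province":"Guangdong","country":"CN","avatarUrl":"http://wx.qlogo.cn/mmopen/'
    'vi_32/1vZvI39NWFQ9XM4LtQpFrQJ1xlgZxx3w7bQxKARol6503Iuswjjn6nIGBiaycAjAtpujxyzYsrztuuICqIM5ibXQ/0"}'
)
SESSION_KEY = "HyVFkGl5F5OQWJZZaNzBBg=="
EXPECTED_SIGNATURE = "75e81ceda165f4ffa64f4068af58c64b8f54b88c"


def compute_signature(raw_data: str, session_key: str) -> str:
    """sha1(rawData + session_key), hex encoded, exactly as the page describes.

    rawData must be the byte-for-byte string the client received; re-serialising
    the JSON (different key order or whitespace) would change the hash.
    """
    return hashlib.sha1((raw_data + session_key).encode("utf-8")).hexdigest()


def verify_signature(raw_data: str, signature: str, session_key: str) -> bool:
    """Server-side check. rawData and signature arrive from the client;
    session_key comes only from the server's session store (assumed here as a
    function argument). Constant-time comparison avoids leaking the digest."""
    expected = compute_signature(raw_data, session_key)
    return hmac.compare_digest(expected, signature.strip().lower())


if __name__ == "__main__":
    print(compute_signature(RAW_DATA, SESSION_KEY))           # matches the page's value
    print(verify_signature(RAW_DATA, EXPECTED_SIGNATURE, SESSION_KEY))  # True
```

The signature proves only that the client forwarded rawData unchanged; the session_key itself must never be sent to or accepted from the client, otherwise anyone holding it can forge a valid signature for arbitrary data.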
Watermark parameter description:
parameter | type | description
---|---|---
watermark | OBJECT | Data watermark
appid | String | AppID that the sensitive data belongs to; developers can check that it matches their own AppID
timestamp | DateInt | Timestamp at which the sensitive data was obtained; developers can use it for freshness checks
Watermark in the sensitive data of the wx.getUserInfo interface:
```json
{
"openId": "OPENID",
"nickName": "NICKNAME",
"gender": GENDER,
"city": "CITY",
"province": "PROVINCE",
"country": "COUNTRY",
"avatarUrl": "AVATARURL",
"unionId": "UNIONID",
"watermark":
{
"appid":"APPID",
"timestamp":TIMESTAMP
}
}
```
Note: the previously provided encrypted data (encryptData) and its corresponding encryption algorithm will be deprecated; please stop relying on the old logic.
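The two watermark checks the table calls for (AppID ownership and timestamp freshness), applied to the decrypted wx.getUserInfo payload. This is an added example, not WeChat's sample code: the decryption step itself is not reproduced here, so the function takes the already decrypted JSON string; the AppID, timestamps and freshness window are constructed placeholder values, and the payload follows the layout shown above.

```python
import json
import time
from typing import Optional

# Constructed sample of a decrypted payload, following the layout on the page.
# All values are placeholders, not real WeChat identifiers.
DECRYPTED_USER_INFO = json.dumps({
    "openId": "OPENID_PLACEHOLDER",
    "nickName": "Band",
    "gender": 1,
    "city": "Guangzhou",
    "province": "Guangdong",
    "country": "CN",
    "avatarUrl": "http://example.invalid/avatar",
    "unionId": "UNIONID_PLACEHOLDER",
    "watermark": {"appid": "wx_APPID_PLACEHOLDER", "timestamp": 1621382400},
})
MY_APPID = "wx_APPID_PLACEHOLDER"  # the mini program's own AppID (placeholder)


class WatermarkError(ValueError):
    """Raised when the decrypted payload fails a watermark check."""


def validate_watermark(decrypted_json: str, my_appid: str,
                       max_age_seconds: int = 300,
                       now: Optional[int] = None) -> dict:
    """Return the parsed payload only if its watermark is acceptable.

    - appid must equal our own AppID: data decrypted for another app (or
      replayed from one) is rejected even though it decrypted cleanly.
    - timestamp must be recent: older than max_age_seconds, or noticeably in
      the future, is treated as a replay or clock problem.
    """
    data = json.loads(decrypted_json)
    wm = data.get("watermark")
    if not isinstance(wm, dict):
        raise WatermarkError("payload has no watermark object")
    if wm.get("appid") != my_appid:
        raise WatermarkError("watermark appid does not match this app")
    ts = wm.get("timestamp")
    if not isinstance(ts, int):
        raise WatermarkError("watermark timestamp missing or not an integer")
    current = int(time.time()) if now is None else now
    if ts > current + 60:
        raise WatermarkError("watermark timestamp is in the future")
    if current - ts > max_age_seconds:
        raise WatermarkError("watermark timestamp is too old")
    return data


def extract_ids(decrypted_json: str, my_appid: str, now: Optional[int] = None) -> dict:
    """Convenience wrapper: only hand openId/unionId to the caller after validation."""
    data = validate_watermark(decrypted_json, my_appid, now=now)
    return {"openId": data.get("openId"), "unionId": data.get("unionId")}


if __name__ == "__main__":
    # Pretend "now" is ten seconds after the watermark was issued.
    print(extract_ids(DECRYPTED_USER_INFO, MY_APPID, now=1621382410))
```

Successful decryption alone is not a validity check: a payload produced for a different AppID, or one captured and replayed later, still decrypts under the right session_key, which is exactly why the watermark's appid and timestamp exist.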