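Instagram API Enforce Signed Requests: signature and error

Time: 2015-09-03 16:40:38

Tags: instagram-api

Instagram documentation: https://instagram.com/developer/secure-api-requests/

Goal: Use the Instagram API in compliance with the [now mandatory] Enforce Signed Requests feature.

Functional problem: Non-compliant IG Likes are limited to 30 per hour. Complying allows 100 per hour.

Technical problem: A simple call to the media API returns the following error: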

{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}

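Instagram client settings: Client ID, Client Secret and Redirect URI have all been verified to match what is used in every part of the PHP code. Both "Disable implicit OAuth" and "Enforce signed requests" are checked.

Code explanation: Creating the handshake with IG requires three distinct pieces of code: 1. Header 2. Access token [i.e. "access_token"] 3. The call using Sig [i.e. "sig" - not to be confused with "signature"]. I have confirmed that the same client_id, client_secret and access_token are used in all code segments. Note: parts 1 and 2 worked fine before compliance was enforced. They still work fine, but I only get 30/hour [i.e. the main functional problem].

Header code: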

$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$this->signature = $ip .'|'. hash_hmac('sha256', $ip, $this->settings['client_secret'], false);

Access token code, which successfully returns an array similar to {"access_token": "11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9", ...}

$apiData = array(
 'grant_type'      => 'authorization_code',
 'client_id'       => $this->getApiKey(),
 'client_secret'   => $this->getApiSecret(),
 'redirect_uri'    => $this->getApiCallback(),
 'code'            => $code
);
$ch = curl_init();
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_URL, $apiHost);
curl_setopt($ch, CURLOPT_POST, count($apiData));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($apiData));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verify the server's TLS certificate: this request carries client_secret
$jsonData = curl_exec($ch);
curl_close($ch);

The call using Sig. This returns the error {"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}:

$params = array(); //temporary to force a simple set of parameters
$params['count']=10;
$params['access_token'] = $this->getAccessToken(); //11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9 [masked, but kept for ease of comparison]
$endpoint = '/media/657988443280050001_25025320'; //temporary
$sig = $endpoint;
ksort($params);
foreach ($params as $key => $val) {
    $sig .= "|$key=$val";
}
$enforcedSig = hash_hmac('sha256', $sig, $secret, false);
$apiCall = 'https://api.instagram.com/v1/media/657988443280050001_25025320/likes?sig='.$enforcedSig.'&count=10&access_token='.$params['access_token'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiCall);
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json',$xHeader));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // verify the server's TLS certificate: this request carries the access token
$jsonData = curl_exec($ch);
curl_close($ch);

1 Answer:

Answer 0: (score: 1)

Your $endpoint appears to be wrong.
Add "/likes".

$endpoint = '/media/657988443280050001_25025320/likes'; //temporary
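
The mismatch the answer points to, as an added example that is not part of the original question or answer: the signed endpoint must be the same path that is requested (relative to /v1), so the sketch below builds the URL and the signature from one value and self-checks the result. The function names, the client secret and the access token are constructed for illustration, and `verify_signed_url` is an assumed local model of the server-side check, not Instagram's code.

```php
<?php
// Added example: constructed secret and token, not real credentials.
const API_BASE = 'https://api.instagram.com/v1';

// String to sign: endpoint, then |key=value for each parameter sorted by key
// (the same layout the question's loop builds). 'sig' itself is never signed.
function sig_base_string(string $endpoint, array $params): string
{
    unset($params['sig']);
    ksort($params);
    $base = $endpoint;
    foreach ($params as $key => $val) {
        $base .= "|$key=$val";
    }
    return $base;
}

// Build the URL and the signature from the same $endpoint and $params,
// so the signed path cannot drift from the requested path.
function signed_url(string $endpoint, array $params, string $secret): string
{
    $params['sig'] = hash_hmac('sha256', sig_base_string($endpoint, $params), $secret);
    return API_BASE . $endpoint . '?' . http_build_query($params);
}

// Local self-check (assumed model of the server side): recompute the signature
// from the URL that would actually be sent and compare in constant time.
function verify_signed_url(string $url, string $secret): bool
{
    $parts = parse_url($url);
    parse_str($parts['query'] ?? '', $params);
    $sent = is_string($params['sig'] ?? null) ? $params['sig'] : '';
    $endpoint = substr($parts['path'], strlen('/v1')); // path relative to /v1
    $expected = hash_hmac('sha256', sig_base_string($endpoint, $params), $secret);
    return hash_equals($expected, $sent);
}

$secret = 'constructed-client-secret';
$params = ['count' => 10, 'access_token' => 'constructed.access.token'];
$media  = '/media/657988443280050001_25025320';

// The question's case: signed over $media, but the request goes to $media/likes.
$sig = hash_hmac('sha256', sig_base_string($media, $params), $secret);
$bad = API_BASE . $media . '/likes?' . http_build_query($params + ['sig' => $sig]);
var_dump(verify_signed_url($bad, $secret));
var_dump(verify_signed_url(signed_url($media . '/likes', $params, $secret), $secret));
```

The first check fails because the signature covers a different path than the one in the URL; the second passes because both come from the same endpoint string.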