Question

我正在尝试使用CURL PHP获取Walmart Seller API以确认。任何人都可以建议我需要使用哪个RSA PHP库？因此，在调用沃尔玛时验证身份验证签名。

有这方面的经验吗？

$headers = array(
    'WM_SVC.NAME: Walmart Marketplace',
    'WM_QOS.CORRELATION_ID: 14730688612',
    'WM_SEC.TIMESTAMP:14730688612',
    'WM_SEC.AUTH_SIGNATURE: XXXXXXXXXXX'
    'WM_CONSUMER.ID: XXXXXXXXXXX',
    'Content-Type: application/xml',
    'Accept: application/xml',
 );


$ch = curl_init();
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_URL,$requestUrl);
curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result = curl_exec( $ch );
if(curl_errno($ch)):
    echo 'Curl error: '.curl_error($ch);
endif;

我使用了google搜索时找到的引用。

 - https://github.com/fillup/walmart-auth-signature-php

Answer 1

最困难的部分是生成签名并使其正常工作。

我从各个地方抽出了很多这些作品给出了一个直截了当的例子，所以希望它能起作用。

假设我们想要进行GET调用以获取所有Feed状态。

// Your walmart info from walmart admin
$walmart_consuer_id = XXXXXXXXXXXXX;
$walmart_channel_type = XXXXXXXXXXXX;

$request_type = "GET";

$url = "https://marketplace.walmartapis.com/v2/feeds";

// We need a timestamp to generate the signature and to send as part of the header
$timestamp = round(microtime(true) * 1000);

$signature = getClientSignature($url, $request_type, $timestamp);

$headers = array();
$headers[] = "Accept: application/xml";
$headers[] = "WM_SVC.NAME: Walmart Marketplace";
$headers[] = "WM_CONSUMER.ID: ".$walmart_consuer_id;
$headers[] = "WM_SEC.TIMESTAMP: ".$timestamp;
$headers[] = "WM_SEC.AUTH_SIGNATURE: ".$signature;
$headers[] = "WM_QOS.CORRELATION_ID: ".mt_rand();
$headers[] = "WM_CONSUMER.CHANNEL.TYPE: " .$walmart_channel_type;

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_FAILONERROR, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $request_type);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);

function getClientSignature($url, $request_type, $timestamp) {
  // Your walmart info from walmart admin
  $walmart_secret = XXXXXXXXXXXXXXXX;
  $walmart_consuer_id = XXXXXXXXXXXXX;

  // Get an openssl usable private key from the walmart supplied secret
  $pem = pkcs8_to_pem(base64_decode($walmart_secret));
  $private_key = openssl_pkey_get_private($pem);

  // Construct the data we want to sign
  $data = $walmart_consuer_id."\n";
  $data .= $url."\n";
  $data .= $request_type."\n";
  $data .= $timestamp."\n";

  // Sign the data
  $hash = defined("OPENSSL_ALGO_SHA256") ? OPENSSL_ALGO_SHA256 : "sha256";
  if (!openssl_sign($data, $signature, $private_key, $hash)) {
    // ERROR
    return null;
  }

  return base64_encode($signature);
}

function pkcs8_to_pem($der) {

  static $BEGIN_MARKER = "-----BEGIN PRIVATE KEY-----";
  static $END_MARKER = "-----END PRIVATE KEY-----";

  $value = base64_encode($der);

  $pem = $BEGIN_MARKER . "\n";
  $pem .= chunk_split($value, 64, "\n");
  $pem .= $END_MARKER . "\n";

  return $pem;
}

Answer 2

在2018年8月之后的新API中，您必须生成访问令牌，然后使用完全独立的身份验证标头从其API中提取任何内容。花了几个小时才弄清楚这一点，所以我希望这对以后的人有所帮助。

（这适用于Marketplace API，但适用于任何Walmart API）

要生成访问令牌，必须传递以下标头：

Array(
[0] => Authorization: Basic BASE64_ENCODED_VARIABLE (see below)
[1] => Content-Type: application/x-www-form-urlencoded
[2] => Accept: application/json
[3] => WM_SVC.NAME: Walmart Marketplace
[4] => WM_QOS.CORRELATION_ID: 10_DIGIT_RANDOM_GENERATED_ALPHANUMERIC_ID
[5] => WM_SVC.VERSION: 1.0.0
[6] => WM_CONSUMER.CHANNEL.TYPE: PROVIDED_WHEN_GENERATING_CLIENT_ID_AND_SECRET
)

要生成BASE64_ENCODED_VARIABLE，请使用base64_encode创建一个变量，如下所示：

$auth = base64_encode($clientId . ":" . $clientSecret);

...其中，客户端ID和客户端密钥是从沃尔玛的开发人员门户API区域生成的。

=========================================

在将数据成功发布到沃尔玛并收到访问令牌作为回报后，您想在您使用沃尔玛进行的任何API调用中传递以下标头：

Array(
[0] => Authorization: Basic BASE64_ENCODED_VARIABLE (as described above)
[1] => WM_SVC.NAME: Walmart Marketplace
[2] => WM_QOS.CORRELATION_ID: 10_DIGIT_RANDOM_GENERATED_ALPHANUMERIC_ID
[3] => WM_CONSUMER.CHANNEL.TYPE: PROVIDED_WHEN_GENERATING_CLIENT_ID_AND_SECRET
[4] => WM_SEC.ACCESS_TOKEN: GENERATED_FROM_PREVIOUS_STEP (returned as [access_token])
[5] => Content-Type: application/json
[6] => Accept: application/json
)

...然后拨打电话。

这是在连续不断收到UNAUTHORIZED.GMP_GATEWAY_API错误之后最终为我工作的原因。

传递“ Authorization：Bearer TOKENTOKENTOKEN”，而不是我上面 将不起作用 列出的方式作为身份验证标头。相信我：-）

Answer 3

<?php
$consumer_id='xxxxxxxxxx';
$private_key='xxxxxxxxxx';
$timestamp='xxxxxxxx';
$correlation_id='xxxxxxxxxxx';
$channel_id='xxxxxxxxxx';

$endPoint = "v3/feeds?feedType=item";
$requestUrl = "https://marketplace.walmartapis.com/$endPoint";
$requestMethod = 'POST';
$signature = new Signature($consumer_id, $private_key, $requestUrl,       $requestMethod);
$actual_signature = $signature->getSignature($timestamp);

$file = '..../walmart_product.xml';

$headers = [];
$headers[] = "WM_SVC.NAME: Walmart Marketplace";
$headers[] = "WM_QOS.CORRELATION_ID: ".$correlation_id;
$headers[] = "WM_SEC.TIMESTAMP: ".$timestamp;
$headers[] = "WM_SEC.AUTH_SIGNATURE: ".$actual_signature;
$headers[] = "WM_CONSUMER.ID: " .$consumer_id;
$headers[] = "Content-Type: multipart/form-data";
$headers[] = "Accept: application/xml";
$headers[] = "WM_CONSUMER.CHANNEL.TYPE: ".$channel_id;
$headers[] = "HOST: marketplace.walmartapis.com";


$body ['file'] = new \CurlFile ( $file, 'application/xml' );

$ch = curl_init ();
curl_setopt ( $ch, CURLOPT_URL, $requestUrl );
curl_setopt ( $ch, CURLOPT_HTTPHEADER, $headers );
curl_setopt ( $ch, CURLOPT_HEADER, 1 );
curl_setopt ( $ch, CURLOPT_POST, 1 );
curl_setopt ( $ch, CURLOPT_POSTFIELDS, $body );
curl_setopt ( $ch, CURLOPT_SSL_VERIFYPEER, 0 );
curl_setopt ( $ch, CURLOPT_RETURNTRANSFER, true );
$server_output = curl_exec ( $ch );
?>

Answer 4

$ch = curl_init();

$headers = $actual;

$qos = uniqid();

$url='https://api-gateway.walmart.com/v3/items';

$options = 
array (
    CURLOPT_URL => $url,

    CURLOPT_RETURNTRANSFER => true,

    CURLOPT_TIMEOUT => 60,

    CURLOPT_HEADER => false,

    CURLOPT_POST => 1,

    CURLOPT_HTTPHEADER => array(
    'WM_SVC.NAME: Drop Ship Vendor Services',

    'WM_QOS.CORRELATION_ID:'.$qos,

    'WM_SEC.TIMESTAMP:1451606400',

    'WM_SEC.AUTH_SIGNATURE: '.$headers,

    'WM_CONSUMER.ID:'.$WalmartConsumerID
,
    'WM_CONSUMER.CHANNEL.TYPE:**********',

    'Accept: application/xml'
        ),

    CURLOPT_HTTPGET => true
);

curl_setopt_array($ch, $options);

$response = curl_exec ($ch);

print_r($response);

沃尔玛卖家API POST无法正常工作，仅授予401 PHP许可

4 个答案: