Instagram API 强制签名请求签名不匹配错误
Instagram API Enforce Signed Requests Signature Does Not Match Error
Instagram 文档:https://instagram.com/developer/secure-api-requests/
目标:遵守[现在强制]使用 Instagram 执行签名请求功能 API。
功能问题:不合规 IG 点赞限制为每小时 30 个。遵守允许每小时 100 个赞
技术问题:简单调用 API 媒体时返回以下错误:
{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}
Instagram 客户端设置:客户端 ID、客户端密码、重定向 URI 均已验证与 PHP 代码所有部分中使用的匹配。 "Disable implicit OAuth" 和 "Enforce signed requests" 都被选中。
代码说明:需要三段不同的代码来创建与 IG 的握手:1. Header 2. 访问令牌 [即"access_token"] 3. 用 Sig 调用 [即"sig" - 不要与 "signature"] 混淆。我已经确认在所有代码段中使用了相同的 client_id、client_secret 和 access_token。注意:第 1 部分和第 2 部分在强制合规之前工作[ed] 良好。它们仍然工作正常,但我只得到 30 Likes/hr [即主要功能问题]
Header代码:
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$this->signature = $ip .'|'. hash_hmac('sha256', $ip, $this->settings['client_secret'], false);
访问令牌代码,returns 使用类似于 {"access_token":"11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9",...}
的数组成功
$apiData = array(
'grant_type' => 'authorization_code',
'client_id' => $this->getApiKey(),
'client_secret' => $this->getApiSecret(),
'redirect_uri' => $this->getApiCallback(),
'code' => $code
);
$ch = curl_init();
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_URL, $apiHost);
curl_setopt($ch, CURLOPT_POST, count($apiData));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($apiData));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$jsonData = curl_exec($ch);
curl_close($ch);
与 Sig 通话。这个returns错误{"code":403,"error_type":"OAuthForbiddenException","error_message":"Invalid signed-request: Signature does not match"}:
$params = array(); //temporary to force a simple set of parameters
$params['count']=10;
$params['access_token'] = $this->getAccessToken(); //11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9 masked, but kept for ease of comparison]
$endpoint = '/media/657988443280050001_25025320'; //temporary
$sig = $endpoint;
ksort($params);
foreach ($params as $key => $val) {
$sig .= "|$key=$val";
}
$enforcedSig = hash_hmac('sha256', $sig, $secret, false);
$apiCall = 'https://api.instagram.com/v1/media/657988443280050001_25025320/likes?sig='.$enforcedSig.'&count=10&access_token='.$params['access_token'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiCall);
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json',$xHeader));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$jsonData = curl_exec($ch);
curl_close($ch);
您的 $endpoint 似乎有误。
添加“/喜欢”。
$endpoint = '/media/657988443280050001_25025320/likes'; //temporary
Instagram 文档:https://instagram.com/developer/secure-api-requests/
目标:遵守[现在强制]使用 Instagram 执行签名请求功能 API。
功能问题:不合规 IG 点赞限制为每小时 30 个。遵守允许每小时 100 个赞
技术问题:简单调用 API 媒体时返回以下错误:
{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}
Instagram 客户端设置:客户端 ID、客户端密码、重定向 URI 均已验证与 PHP 代码所有部分中使用的匹配。 "Disable implicit OAuth" 和 "Enforce signed requests" 都被选中。
代码说明:需要三段不同的代码来创建与 IG 的握手:1. Header 2. 访问令牌 [即"access_token"] 3. 用 Sig 调用 [即"sig" - 不要与 "signature"] 混淆。我已经确认在所有代码段中使用了相同的 client_id、client_secret 和 access_token。注意:第 1 部分和第 2 部分在强制合规之前工作[ed] 良好。它们仍然工作正常,但我只得到 30 Likes/hr [即主要功能问题]
Header代码:
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$this->signature = $ip .'|'. hash_hmac('sha256', $ip, $this->settings['client_secret'], false);
访问令牌代码,returns 使用类似于 {"access_token":"11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9",...}
的数组成功$apiData = array(
'grant_type' => 'authorization_code',
'client_id' => $this->getApiKey(),
'client_secret' => $this->getApiSecret(),
'redirect_uri' => $this->getApiCallback(),
'code' => $code
);
$ch = curl_init();
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_URL, $apiHost);
curl_setopt($ch, CURLOPT_POST, count($apiData));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($apiData));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$jsonData = curl_exec($ch);
curl_close($ch);
与 Sig 通话。这个returns错误{"code":403,"error_type":"OAuthForbiddenException","error_message":"Invalid signed-request: Signature does not match"}:
$params = array(); //temporary to force a simple set of parameters
$params['count']=10;
$params['access_token'] = $this->getAccessToken(); //11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9 masked, but kept for ease of comparison]
$endpoint = '/media/657988443280050001_25025320'; //temporary
$sig = $endpoint;
ksort($params);
foreach ($params as $key => $val) {
$sig .= "|$key=$val";
}
$enforcedSig = hash_hmac('sha256', $sig, $secret, false);
$apiCall = 'https://api.instagram.com/v1/media/657988443280050001_25025320/likes?sig='.$enforcedSig.'&count=10&access_token='.$params['access_token'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiCall);
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json',$xHeader));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$jsonData = curl_exec($ch);
curl_close($ch);
您的 $endpoint 似乎有误。
添加“/喜欢”。
$endpoint = '/media/657988443280050001_25025320/likes'; //temporary