【发布时间】:2015-10-09 09:30:04
【问题描述】:
Instagram 文档:https://instagram.com/developer/secure-api-requests/
目标:遵守 [现在强制] 使用 Instagram API 强制签名请求功能。
功能问题:不合规 IG Like 限制为每小时 30 个。遵守允许每小时 100 个赞
技术问题:简单调用媒体API返回如下错误:
{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}
Instagram 客户端设置:客户端 ID、客户端密码、重定向 URI 均已通过验证,与 PHP 代码所有部分中使用的匹配。 “禁用隐式 OAuth”和“强制签名请求”都被选中。
代码说明:创建与 IG 的握手需要三段不同的代码:1. Header 2. Access Token [i.e. "access_token"] 3. 使用 Sig 调用 [i.e. “sig”——不要与“签名”混淆]。我已经确认在所有代码中都使用了相同的 client_id、client_secret 和 access_token。注意:在强制合规之前,第 1 部分和第 2 部分工作良好。他们仍然可以正常工作,但我每小时只能获得 30 个赞 [即主要功能问题]
标题代码:
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
$this->signature = $ip .'|'. hash_hmac('sha256', $ip, $this->settings['client_secret'], false);
Access Token Code,成功返回类似{"access_token":"11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9",...}的数组
$apiData = array(
'grant_type' => 'authorization_code',
'client_id' => $this->getApiKey(),
'client_secret' => $this->getApiSecret(),
'redirect_uri' => $this->getApiCallback(),
'code' => $code
);
$ch = curl_init();
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_URL, $apiHost);
curl_setopt($ch, CURLOPT_POST, count($apiData));
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($apiData));
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$jsonData = curl_exec($ch);
curl_close($ch);
与 Sig 通话。这将返回错误 {"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}:
$params = array(); //temporary to force a simple set of parameters
$params['count']=10;
$params['access_token'] = $this->getAccessToken(); //11deadbee7.7dded5e.c0d656eead134218beef31a61b45e4d9 masked, but kept for ease of comparison]
$endpoint = '/media/657988443280050001_25025320'; //temporary
$sig = $endpoint;
ksort($params);
foreach ($params as $key => $val) {
$sig .= "|$key=$val";
}
$enforcedSig = hash_hmac('sha256', $sig, $secret, false);
$apiCall = 'https://api.instagram.com/v1/media/657988443280050001_25025320/likes?sig='.$enforcedSig.'&count=10&access_token='.$params['access_token'];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $apiCall);
$xHeaderFront = 'X-Insta-Forwarded-For:';
$xHeader = $xHeaderFront.$this->signature;
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json',$xHeader));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$jsonData = curl_exec($ch);
curl_close($ch);
【问题讨论】:
标签: instagram-api