Summary
When an eBay user subscribes, cancels the subscription, clicks the Start button, or does an EBAY_SIGNED makeRequest on your application, eBay sends you a digitally signed addSubscriber request, removeSubscriber request, Render URL request, or makeRequest document, respectively. You need to verify that the document originated from eBay, and then decrypt the passed user information for the subscriber or requester of the URL type Open eBay Apps.
Detailed Description
The following code samples (for the development environments most used in the eBay developer community) illustrate how to ensure that the received document is authentic.
Development Language | Signature Verifier | Decrypter | Signature Extractor |
PHP | SignatureVerification.php | StandardDecrypter.php | SignatureExtraction.php |
C# | SignautureVerification.cs | StandardDecrypter.cs | SignatureExtraction.cs |
JAVA | SignatureVerification.java | StandardDecrypter.java | SignatureExtraction.java |
PERL | SignatureVerification.pm | StandardDecrypter.pm | SignatureExtraction.pm |
It is assumed that you have already downloaded the public key and saved it to a local file as: $publicKeyFilePath
NOTE. Sun JDK developers first need to concatenate the multi-line public key into one long line before the verification code can process it.
********** For addSubscriber and removeSubscriber **********
Usage
SignatureVerification.verify($encodedSignature, $encryptedTokenValue, $publicKeyFilePath);
StandardDecrypter.decrypt($encryptedTokenValue, $masterKeyStr)
where $encodedSignature= addSubscriberRequest.credentials.token.signature
$encryptedTokenValue=addSubscriberRequest.credentials.tokenValue
$masterKeyStr = your application's CertID
********** For Render URL **********
NOTE. As documented, in a render request, the signature is in the sig parameter in the HTTP POST body. You need to assemble the string for signature verification by processing the parameters referenced in the sp parameter. The sp parameter contains a comma-separated list of the parameters that are included in the signature. The parameter values are to be URL-encoded and concatenated with "&". If any URL parameter itself has multiple values, the individual parameters are URL-encoded and concatenated with "|" prior to concatenation with "&". Please see details in the SignatureExtraction samples above.
Usage
SignatureVerification.verify($encodedSignature, SignatureExtraction.extractSignature($request), $publicKeyFilePath );
StandardDecrypter.decrypt($encryptedTokenValue, $masterKeyStr)
where $encodedSignature=URL Parameter.sig
$encryptedTokenValue=URL Parameter.st
$request: HTTP REQUEST object
$masterKeyStr = your application's CertID
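The string assembly described in the Render URL note, as an added Python example (not one of eBay's SignatureExtraction samples). The parameter names other than sig, sp and st, the sample body, and the form-style URL-encoding (space as "+") are assumptions; the returned string is what you would pass to the signature verifier.

```python
from urllib.parse import parse_qs, quote_plus

# Constructed sample POST body; "lang", "item" and "debug" are made-up names.
SAMPLE_BODY = "st=ENC%2Ftoken&lang=en+US&item=1&item=2&sp=st,lang,item&sig=c2ln&debug=1"


class SignedStringError(ValueError):
    """The request cannot yield a string that is safe to verify."""


def extract_signed_string(post_body):
    """Return (signed_string, sig, unsigned_names) for a render request body."""
    # keep_blank_values: an empty value is still a value the signer saw.
    params = parse_qs(post_body, keep_blank_values=True)

    for required in ("sig", "sp"):
        if len(params.get(required, [])) != 1:
            raise SignedStringError(f"expected exactly one {required!r} parameter")

    names = params["sp"][0].split(",")
    # Stricter than the page requires: reject empty or repeated names in sp.
    if any(not n for n in names) or len(set(names)) != len(names):
        raise SignedStringError("sp has empty or duplicate entries")

    parts = []
    for name in names:
        if name not in params:
            # Fail closed: a name listed in sp but absent cannot be verified.
            raise SignedStringError(f"sp lists {name!r} but it is not in the body")
        # Multiple values: URL-encode each, join with "|", then join with "&".
        # Assumption: form-style encoding; match your SignatureExtraction sample.
        parts.append("|".join(quote_plus(v) for v in params[name]))

    signed = "&".join(parts)
    # Anything not named in sp is outside the signature: do not trust it.
    unsigned = sorted(set(params) - set(names) - {"sig", "sp"})
    return signed, params["sig"][0], unsigned


if __name__ == "__main__":
    print(extract_signed_string(SAMPLE_BODY))
```

Parameters reported in the third return value are not covered by the signature, so an application should ignore them or treat them as untrusted input even after verification succeeds.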
Additional Information
Documentation: Authentication and Processing Requests from eBay