PHPackages entere/sign - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. entere/sign ActiveLibrary[API Development](/categories/api) entere/sign =========== API签名,采用API签名,保证请求的数据正确性、保证接口安全。 v1.0.0(9y ago)123086MITPHPPHP >=5.4 Since Mar 29Pushed 9y agoCompare [ Source](https://github.com/entere/sign)[ Packagist](https://packagist.org/packages/entere/sign)[ RSS](/packages/entere-sign/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (4)Used By (0) 安装 == [](#安装) 安装包文件 ``` composer require "entere/sign:v1.0.0" ``` 使用 == [](#使用) php 实例: ``` ``` Laravel5 实例: ``` ``` 说明 == [](#说明) 客户端与服务端的数据交互,大部分应用都采用的 RESTful API 的方式,那么如何确保 API 接口的安全性呢?URL 签名的方式可以确保请求的过程中参数不被修改。 签名的机制是由开发者在 API 客户端计算出系列参数组合的哈希值,将产生的信息添加到 URL 请求的 sign 参数。 例如 API 请求参数如下: ``` { "access_key":"7576762362", "timestamp":"1439279383630", "screen_name":"entere", "format":"json" } ``` 1、按参数名进行升序排列 access\_key, timestamp, screen\_name, format 其中不包括空值参数 排序后的参数为: ``` { "access_key":"7576762362", "format":"json", "screen_name":"entere", "timestamp":"1438279283630", } ``` 2、构造签名串 以secret字符串开头,追加排序后参数名称和值,格式: ``` secretkey1value1key2value2... ``` 假设 secret的值为 `f827182b1051075e601c73ac1ae329fa` 应用到上述示例得到签名串为: ``` f827182b1051075e601c73ac1ae329faaccess_key7576762362formatjsonscreen_nameenteretimestamp1438279283630 ``` 3、计算签名 对上面的签名串进行 md5 签名: ``` md5(f827182b1051075e601c73ac1ae329faaccess_key7576762362formatjsonscreen_nameenteretimestamp1438279283630) ``` 并把值转成小写: ``` 927c0fc11caaf98840ed7773b348685c ``` 4、添加签名 将计算的签名值以 sign 参数名,附加到 URL 请求中。一个典型的 API 请求如下所示 ``` https://xxx.com/xxx?access_key=7576762362&format=json&screen_name=entere×tamp=1438279283630&sign=927c0fc11caaf98840ed7773b348685c ``` 5、服务器验证 验证请求者的身份:简单判断 access\_key。 防止重放攻击:服务器端首先验证时间戳 timestamp 是否有效,比如是服务器时间戳 5 分钟之前的请求视为无效。 保护传输中的数据:服务端收到请求时,将基于相同签名方法(去掉 sign 参数)重新计算哈希,并将其与请求中包括的哈希值进行匹配。如果哈希值不匹配,服务器将返回 401(未授权被拒绝)错误码。 License ======= [](#license) MIT ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community9 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 2 Last Release 3336d ago Major Versions v0.0.1 → v1.0.02017-03-31 ### Community Maintainers ![](https://www.gravatar.com/avatar/d493d1f3231561ace899ee7aa6a4499b8f5d6a06818e66c181e0c513d8591903?d=identicon)[entere](/maintainers/entere) --- Top Contributors [![entere](https://avatars.githubusercontent.com/u/2290564?v=4)](https://github.com/entere "entere (4 commits)") --- Tags apisign ### Embed Badge ![Health badge](/badges/entere-sign/health.svg) ``` [![Health](https://phpackages.com/badges/entere-sign/health.svg)](https://phpackages.com/packages/entere-sign) ``` ### Alternatives [m165437/laravel-blueprint-docs API Blueprint Renderer for Laravel 22779.0k](/packages/m165437-laravel-blueprint-docs)[delatbabel/apisecurity API Security Helpers. 1378.1k](/packages/delatbabel-apisecurity) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)