Signing Algorithm
Steps
- Collect all request parameters (excluding
sign) and sort by key in ASCII order - Concatenate sorted parameters as
key1=value1&key2=value2&... - Append
&appSecret=yourAppSecretat the end - Compute the MD5 hash (lowercase hexadecimal) of the entire string — this is the
signvalue
Example
Given the following parameters:
| Parameter | Value |
|---|---|
| appKey | abc123 |
| language | zh-CN |
| timestamp | 1700000000 |
App Secret is my_secret_key
Step 1: Sort and concatenate by ASCII order
appKey=abc123&language=zh-CN×tamp=1700000000Step 2: Append appSecret
appKey=abc123&language=zh-CN×tamp=1700000000&appSecret=my_secret_keyStep 3: Compute MD5
sign = MD5("appKey=abc123&language=zh-CN×tamp=1700000000&appSecret=my_secret_key")Code Examples
Java
java
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;
public class LoxilySign {
public static String generateSign(Map<String, String> params, String appSecret) throws Exception {
TreeMap<String, String> sorted = new TreeMap<>(params);
sorted.remove("sign");
StringBuilder sb = new StringBuilder();
for (Map.Entry<String, String> entry : sorted.entrySet()) {
if (sb.length() > 0) sb.append("&");
sb.append(entry.getKey()).append("=").append(entry.getValue());
}
sb.append("&appSecret=").append(appSecret);
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] digest = md.digest(sb.toString().getBytes("UTF-8"));
StringBuilder hex = new StringBuilder();
for (byte b : digest) {
hex.append(String.format("%02x", b));
}
return hex.toString();
}
}Python
python
import hashlib
def generate_sign(params: dict, app_secret: str) -> str:
filtered = {k: v for k, v in params.items() if k != "sign"}
sorted_keys = sorted(filtered.keys())
sign_str = "&".join(f"{k}={filtered[k]}" for k in sorted_keys)
sign_str += f"&appSecret={app_secret}"
return hashlib.md5(sign_str.encode("utf-8")).hexdigest()JavaScript / Node.js
javascript
const crypto = require('crypto');
function generateSign(params, appSecret) {
const keys = Object.keys(params)
.filter(k => k !== 'sign')
.sort();
const parts = keys.map(k => `${k}=${params[k]}`);
parts.push(`appSecret=${appSecret}`);
return crypto.createHash('md5')
.update(parts.join('&'), 'utf8')
.digest('hex');
}Go
go
package main
import (
"crypto/md5"
"fmt"
"sort"
"strings"
)
func GenerateSign(params map[string]string, appSecret string) string {
keys := make([]string, 0, len(params))
for k := range params {
if k != "sign" {
keys = append(keys, k)
}
}
sort.Strings(keys)
parts := make([]string, 0, len(keys)+1)
for _, k := range keys {
parts = append(parts, fmt.Sprintf("%s=%s", k, params[k]))
}
parts = append(parts, fmt.Sprintf("appSecret=%s", appSecret))
data := strings.Join(parts, "&")
return fmt.Sprintf("%x", md5.Sum([]byte(data)))
}