Authorization
Authorization and Access Permissions
1 Obtain Token
1.1 Request URL
| Protocol | URL | Method |
|---|---|---|
| HTTP | https://api.voice.dolphin-ai.jp/platform/v1/auth/online/token | POST |
1.2 Request Parameters
Headers
| Parameter Name | Parameter Value | Required |
|---|---|---|
| Content-Type | application/json | Yes |
Body
| Name | Type | Required | Note |
|---|---|---|---|
| app_id | string | Yes | Application ID |
| timestamp | integer | Yes | Timestamp |
| signature | string | Yes | Generated signature |
1.3 Return Data
| Name | Type | Required | Note |
|---|---|---|---|
| status | string | Yes | Status code (000000 indicates success, others indicate failure) |
| message | string | Yes | Information |
| data | object | No | |
| ├─ app_id | string | No | appID |
| ├─ token | string | No | token |
| ├─ expiration_time | number | No | Expires 7 days after creation |
1.4 Return Value Example
{
"status": "000000",
"message": "success",
"data": {
"app_id": "fb5c3de6-a247-46f4-987f-420f9d14a956",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBdXRob3JpemF0aW9uIjoiMTU1OGFlZWEtMWNiYS00NTVhLTk3YTEtNDIxNzllMTljZmQ5IiwiY2xpZW50X2lkIjoyOSwiZXhwIjoxNjkwMzcwNDIzLCJpYXQiOjE2ODk3NjU2MjMsInNlc3Npb25faWQiOiJmYjVjM2RlNi1hMjQ3LTQ2ZjQtOTg3Zi00MjBmOWQxNGE5NTYifQ.GaqxUnZx5ipB7EGeV8WKWgjEaGCQx7O5TOPyF0mL_XI",
"expiration_time": 1690370423
}
}1.5 Signature Calculation Method
-
Sort the request parameters in dictionary order, excluding the
signature. -
Construct a standardized request string, such as:
app_id=XXXX-XXXX-XXXX&secret=XXXX-XXXX-XXXX×tamp=1234567890- Based on your
appSecret, calculate the corresponding digital signature for the string constructed in Step 2 using the HMAC-SHA1 algorithm.
HMAC-SHA1(stringToSign, appSecret)-
Perform base64 encoding on the result to obtain the
signature. -
Sample code for generating digital signatures on the backend.
import hashlib
import hmac
def _hmac_sha1(data, secret):
return str(base64.b64encode(hmac.new(bytes(secret, 'utf-8'), bytes(data, 'utf-8'),
hashlib.sha1).digest()), 'utf-8')
timestamp = str(int(time.time()))
string_to_sign = "app_id=" + app_id + "&secret=" + secret + "×tamp=" + timestamp
signature = _hmac_sha1(string_to_sign, app_secret)2 Use Token
When accessing the relevant server-side APIs via the HTTP protocol, to authenticate your identity, please include information such as Token, AppId in the HTTP headers of your request.
| Header Name | Header Value |
|---|---|
| Authorization | Standard HTTP header for setting authentication information. The format must be the standard form Bearer ${Token} (note the space after Bearer). |
3 Tips
Do not store the application secret (AppSecret) on the client side. If you store AppSecret on the client side, it may be susceptible to theft by third parties.
The best practice is to store your AppSecret on the secure server side, and use the application ID (AppID) and AppSecret on that server to periodically refresh Tokens. Additionally, distribute the token to the client side through a secure channel (e.g., a secure TLS long-term connection).