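Generating a signature

The signature is generated by concatenating all parameters in the form "key:value;" (sorted by key, as in the examples below) and signing the resulting string with the Client Secret using HMAC-SHA1. Arrays and objects are ignored. You can find the Client Secret in the merchant dashboard.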

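Example of generating a signature in PHP:

<?php

// Build the HMAC-SHA1 signature over "key:value;" pairs sorted by key.
function buildSignature($params, $clientSecret)
{
    ksort($params);

    $paramsString = '';
    foreach ($params as $key => $value)
    {
        // The signature itself is never part of the signed string.
        // Strict comparison: with ==, an integer key 0 matches 'sign' on PHP < 8.
        if ($key === 'sign') continue;
        // Arrays and objects are ignored
        if (is_array($value) || is_object($value)) continue;
        $paramsString .= $key . ':' . $value . ';';
    }

    return hash_hmac('sha1', $paramsString, $clientSecret);
}

$clientSecret = '123'; // Client Secret
$params = array(
    'method' => 'orderstatus',
    'order_id' => 1,
    'shopid' => '123' // Client ID
);
$params['sign'] = buildSignature($params, $clientSecret);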

Example of generating a signature in JavaScript:

var crypto = require('crypto');

// Build the HMAC-SHA1 signature over "key:value;" pairs sorted by key.
function buildSignature(params, clientSecret)
{
    var paramsString = '';
    Object.keys(params).sort().forEach(function(key)
    {
        // The signature itself is never part of the signed string
        if (key === 'sign') return;
        // Arrays and objects are ignored
        if (typeof params[key] === 'object') return;
        paramsString += key + ':' + params[key] + ';';
    });

    return crypto.createHmac('sha1', clientSecret).update(paramsString).digest('hex');
}

var clientSecret = '123'; // Client Secret
var params = {
    method: 'orderstatus',
    order_id: 1,
    shopid: '123' // Client ID
};
params.sign = buildSignature(params, clientSecret);

Example of generating a signature in Python:

import hashlib
import hmac


def buildSignature(params, key):
    # Sort the parameters by key
    sorted_params = dict(sorted(params.items()))
    # Initialize an empty string to build the parameter string
    params_string = ''
    # Iterate through the sorted parameters
    for k, v in sorted_params.items():
        # Skip the 'sign' key
        if k == 'sign':
            continue
        # Skip arrays and objects (lists, tuples and dicts)
        if isinstance(v, (list, tuple, dict)):
            continue
        # Concatenate key and value into the params_string
        params_string += f'{k}:{v};'
    # Generate HMAC-SHA1 hash
    hashed = hmac.new(key.encode(), params_string.encode(), hashlib.sha1)
    # Return the hex digest of the hash
    return hashed.hexdigest()


SECRET_KEY = "SECRET KEY"
params_dict = {
    "method": "market_pricelist",
    "shopid": "CLIENT_ID",
    "game": "cs2",
}

signature = buildSignature(params_dict, SECRET_KEY)
params_dict['sign'] = signature

Example of a signed request in PHP:

<?php
$params = array(
    'shopid' => '1', // Client ID
    'method' => 'create',
    'order_id' => 1,
    'steam_id' => '76561198827262007',
    'trade_token' => 'i1ArBZey',
    'currency' => 'usd'
);
$clientSecret = '123123123123213';
// @see https://skinsback.com/zh-cn/docs/api/v1/signature/
$params['sign'] = buildSignature($params, $clientSecret);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://skinsback.com/api.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close($ch);
var_dump($server_output);

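Webhook: verification example in PHP:

<?php

$clientSecret = '123'; // Client Secret
// @see https://skinsback.com/zh-cn/docs/api/v1/signature/
// Treat a missing or non-string 'sign' (e.g. sign[]=...) as an empty signature
$received = (isset($_POST['sign']) && is_string($_POST['sign'])) ? $_POST['sign'] : '';
// hash_equals() compares in constant time and, unlike !=, is not subject to
// loose-comparison type juggling on hex strings such as "0e..."
if (!hash_equals(buildSignature($_POST, $clientSecret), $received))
{
    die('Wrong signature');
}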
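
The webhook check above, carried over to Python with a constant-time comparison. This is an added example, not SkinsBack's own code; the function names `canonical_string`, `build_signature` and `verify_webhook`, and the fields of the sample webhook body, are assumptions constructed for illustration.

```python
import hashlib
import hmac


def canonical_string(params):
    """Join "key:value;" pairs sorted by key, skipping 'sign' and nested values."""
    parts = []
    for key in sorted(params):
        value = params[key]
        if key == "sign" or isinstance(value, (list, tuple, dict)):
            continue
        parts.append(f"{key}:{value};")
    return "".join(parts)


def build_signature(params, client_secret):
    """Hex HMAC-SHA1 of the canonical string, keyed with the Client Secret."""
    message = canonical_string(params).encode()
    return hmac.new(client_secret.encode(), message, hashlib.sha1).hexdigest()


def verify_webhook(form, client_secret):
    """Return True only if form['sign'] matches the recomputed signature."""
    received = form.get("sign")
    if not isinstance(received, str):
        return False  # missing, or submitted as an array (sign[]=...)
    expected = build_signature(form, client_secret)
    # compare_digest does not reveal where the first mismatching byte is
    return hmac.compare_digest(received.encode(), expected.encode())


# Constructed sample webhook body; field names here are assumptions
SECRET = "123"
sample = {
    "order_id": "1",
    "status": "success",
    "amount": "10.50",
    "items": [{"name": "example skin"}],  # nested value, not signed
}
sample["sign"] = build_signature(sample, SECRET)

if __name__ == "__main__":
    print("genuine:", verify_webhook(sample, SECRET))
    print("amount tampered:", verify_webhook({**sample, "amount": "9999"}, SECRET))
    print("items tampered:", verify_webhook({**sample, "items": []}, SECRET))
```

Because arrays and objects are skipped when the string is built, the last call still verifies: nested fields are not covered by the signature, so only scalar fields should be treated as authenticated.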