">mixi Developer Center (mDC)

mixi Apps

mixi Apps (English) » Technical Specification (new method) » PC » Parameter when running and OAuth Signature Verification

Parameter when running and OAuth Signature Verification

The request to the SAP server includes information about running the application, user information, and various parameters, such as a valid digital signature. Using them properly, the social application is created simply and safely.

Parameter when running

When the mixi app is run on a running page of the mixi app (run_appli.pl), the iframe that considers the previously registered start URL as src is drawn.
In this case, the request to Start URL is the post request with signature, including the parameters below.

Parameter name Value
opensocial_app_id Application ID
opensocial_owner_id App Registered user ID(*)
opensocial_viewer_id APP run user ID (*)
Parameter starting from oauth_ or xoauth Signature information
Please refer to Signature Verification in detail

*Opensocial_owner_id and opensocial_viewer_id are only given when r_profile is obtained in user permissions. Please refer to the list of “User Permissions” about user permissions.
また、新方式のmixiアプリでは、opensocial_owner_id と opensocial_viewer_id は常に同一の値となります。

Signature Verification 

The request when running the mixi app includes a valid digital signature (OAuth Signature) other than information about the app and the user. In order to block unauthorized access, except for the mixi app, please verify the signature all the time. If you neglect the process, malicious users will be able to easily gain access without authorization. Verifying the signature properly, you can check below.

  • The request is sent from the mixi platform.
  • The content of the request is not falsified.

Signature method uses RSA-SHA1. Please refer to Validating Signed Requests.

Public Key 

The public key for verifying the validity of a signed request is as shown below. 

-----BEGIN CERTIFICATE-----
MIIDNzCCAh+gAwIBAgIJANH20l9V3QyGMA0GCSqGSIb3DQEBBQUAMDIxCzAJBgNV
BAYTAkpQMREwDwYDVQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDAeFw0x
MzExMDcwODQwMzhaFw0yMzExMDUwODQwMzhaMDIxCzAJBgNVBAYTAkpQMREwDwYD
VQQKDAhtaXhpIEluYzEQMA4GA1UEAwwHbWl4aS5qcDCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMjrvmoMZdlxPbW86JO1VbIguv8ddAQV/+ZtjmanLXU6
QjbGz/0wAONo19R/z4oqccNI1USmGBocuNtzFaIbsXVohaJpJm6cJMQ6dYqJbWZD
C0m8Va+8fx3xjFs/MckvymPbNCSxsycSkiwBNLM0atNiBnRRr5rLHwOlXDarOkaL
sAYPA/EctZq4Mg380dFpDC1mqzjQvXRQ9Z9z/MD75b06EwYY4L/Yb+F92S5BhagM
pSxfIJF7VTmA9de2PE67fhoQOXGg48fS2XE2uKDMuE1U/rQIYzAw3twFJNXiCZ3j
F3uo8pjAy1kWY4uh9KwQ2zXEXSYjJOVDu2eX7Q+ZJDsCAwEAAaNQME4wHQYDVR0O
BBYEFCJwA3yljcHQ917eLcEh1kIzGIE1MB8GA1UdIwQYMBaAFCJwA3yljcHQ917e
LcEh1kIzGIE1MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAMSUBJc8
LGLuRvhpqBfUcuHuQzzMM4Xw9x2pEcBAocu6wijvYZt1ATI6zzxC6213BT63ei4W
UzXPYUjC70BGqQu4lhFKRECl48BLJzELayS6Lh+teYmSIdXc3DNsK9L/T19deeC5
iHjkD76z6YPjsPpLyo3TkCi2Ebz+oNkCXQYCZsI0QToTuMuYyL+bsDyFmWTRlvx2
KGZe3pdbMLZW4QSHoN6h0rSpgYKi6vdKbPzLcFEko1oYUwFCHDENvqVfZdMEuauA
W58UChLDu+5bVdldYrmXkZ+u/PiSCsIVKvfCZ+JlgJR4wX+4YgICl5FbRhD/qg2l
S791sxe9mHZeByk=
-----END CERTIFICATE-----

 

TOP OF THIS PAGE