JIYIK CN >

To become a developer of WeChat official account, you must first have a server that can be accessed externally. The development of WeChat official account does not limit the use of any language. Here we use PHP as the development language.

Interface access configuration

After logging in to the WeChat public platform official website, click the "Modify Configuration" button on the public platform backend management page - Developer Center page , and fill in the server address (URL), Token, and EncodingAESKey, where the URL is the interface URL used by developers to receive WeChat messages and events. The Token can be filled in arbitrarily by the developer and used to generate the signature (the Token will be compared with the Token contained in the interface URL to verify security). The EncodingAESKey is filled in manually by the developer or randomly generated, and will be used as the encryption and decryption key for the message body.

At the same time, developers can choose the message encryption and decryption mode: plain text mode, compatible mode and secure mode. The mode selection and server configuration will take effect immediately after submission. Developers are requested to fill in and select carefully. The default state of the encryption and decryption mode is plain text mode. Selecting compatible mode and secure mode requires configuring the relevant encryption and decryption code in advance. For details, please refer to the document on message body signature and encryption and decryption.

Authentication

After filling in the interface information, we start to authenticate the identity and verify the validity of the server. After we submit the information, the WeChat server will send a GET request to the URL we filled in above. In the URL address filled in above, we can see that we filled in a PHP file. Yes, we use this PHP file for verification.

Some verification codes are as follows

public function valid(){
     $echoStr = $_GET["echostr"];
 //valid signature , option
     if($this->checkSignature()){
        echo $echoStr;
        exit;
     }
}
private function checkSignature(){
    // you must define TOKEN by yourself
    if (!defined("TOKEN")) {
        throw new Exception('TOKEN is not defined!');
    }
    $signature = $_GET["signature"];
    $timestamp = $_GET["timestamp"];
$nonce = $_GET["nonce"];
$token = TOKEN;
         $tmpArr = array($token, $timestamp, $nonce);
    // use SORT_STRING rule
         sort($tmpArr, SORT_STRING);
         $tmpStr = implode( $tmpArr );
         $tmpStr = sha1( $tmpStr );
         if( $tmpStr == $signature ){
                   return true;
         }else{
                   return false;
         }
}

From the above code we can see that the WeChat server will send four parameters to our server address, namely:

signature WeChat encrypted signature, signature combines the token parameter filled in by the developer and the timestamp parameter and nonce parameter in the request.
timestamp timestamp
nonce random number
echostr random string

So where does the token come from? The token here is the field below the Token URL that we filled in above. So we need to define the token constant in our verification code

define("TOKEN","The token we filled in"); //Note that the value here must be consistent with what we filled in above

php complete code download

After our verification code is ready, submit the information, and we will be surprised to see that the configuration is successful at the top.

After the access is successful, we need to think about enabling our interface, and then we can achieve the desired effect according to the development documentation.