Make Request to external servers
gadgets.io.makeRequest()
In the Mobage open platform, user profile information, social statistics information, and so forth is provided through an API. However, in OpenSocial, an API is provided so that unique partner information and a lot of other information on the Internet beyond the above can also be utilized. gadgets.io.makeRequest() method is an API for making these possible.
 | The communication port is currently restricted to No. 80 or No. 443. |
Unsigned requests
The following code is used particularly for making unsigned requests to external services.
- Specify POST as the HTTP method.
- Covert the acquired contents into JSON format.
- Specify the body parameters to be posted.
- When the external server URL and response are returned, the callback function that is called is made an argument and gadgets.io.makeRequest() is called.
- Process the response contained in the callback function argument.
Specifying the cache period
By default, the acquisition results of gadgets.io.makeRequest() are cached on the container side for 3,600 seconds. This timeframe can be changed by specifying the gadgets.io.RequestParameters.REFRESH_INTERVAL. Caching can be turned off by setting this value to 0. Caching is only performed when the HTTP method is GET. Caching is not performed in the Sandbox environment, so here the REFRESH_INTERVAL is ignored.
Signed requests
Depending on the data provided by the external server, it may be necessary to confirm the validity of a request from the Mobage open platform (verification of request sender, verification that the request was not falsified). That is why there is a function for adding a signature to a request before sending it in gadgets.io.makeRequest().
An OAuth signature is added to a request by specifying gadgets.io.AuthorizationType.SIGNED for gadgets.io.RequestParameters.AUTHORIZATION as follows.
In the Mobage open platform, a request is sent with the following parameters by adding AuthorizationType.SIGNED.
oauth_body_hash | OAuth Request Body Hash value |
opensocial_owner_id | OWNER ID |
opensocial_viewer_id | VIWER ID |
opensocial_app_id | Application ID |
opensocial_app_url | Gadget XML URL |
oauth_consumer_key | Consumer key (Sandbox: sb.mbga-platform.jp / Service mbga-platform.jp) |
xoauth_public_key | Public key ID (Sandbox: sb.mbga-platform.jp / Service mbga-platform.jp) |
oauth_version | OAuth version |
oauth_timestamp | Timestamp |
oauth_signature_method | The signature method is fixed to RSA-SHA1. |
oauth_nonce | Random string |
oauth_signature | OAuth signature |
By using these parameters, a signature can be verified and the validity of a request can be checked.
Signature verification
Signatures are made using OAuth. The details are as follows.
http://docs.opensocial.org/display/OSREF/Validating+Signed+Requests
In order to verify a request signed with RSA-SHA1, the public key that is paired with the signed secret key must be used. In the Mobage open platform, two different public keys are arranged: one for the Sandbox environment and one for the actual environment.
Sandbox environment Expires 25/08/2017 18:19:46(JST)
-----BEGIN CERTIFICATE----- MIICOTCCAaKgAwIBAgIJAK3cE459+jV9MA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNV BAMTE3NiLm1iZ2EtcGxhdGZvcm0uanAwHhcNMTUwNzE0MDkxOTQ2WhcNMTcwODI1 MDkxOTQ2WjAeMRwwGgYDVQQDExNzYi5tYmdhLXBsYXRmb3JtLmpwMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQDZ8xJKX1rPli72IF2L+tRV9Tk1c2kRixEEwzxR T2bz37w/8XJQaMVxtFQMCYqquZUmHDss4JgF/prE4HGnX0j6x9MZUrt0k2VzDINm Y+F61QJZCLqqy5MBxR9Dyu87DucPf7WsP3C1EMrfB8c29qVT7is+pMuYDowmsPql eJ4pswIDAQABo38wfTAdBgNVHQ4EFgQUtNIqfC+B1PmcIhDmIA8+QxALZU4wTgYD VR0jBEcwRYAUtNIqfC+B1PmcIhDmIA8+QxALZU6hIqQgMB4xHDAaBgNVBAMTE3Ni Lm1iZ2EtcGxhdGZvcm0uanCCCQCt3BOOffo1fTAMBgNVHRMEBTADAQH/MA0GCSqG SIb3DQEBBQUAA4GBALOFgNEL5x7tdorlPjwVlOSMZu+xgDR6oVmDEz+nYYBn1E2X a3Td6+h1tgrkkPUIh8ydDdPQh1yKdAX0QSFifXXf3hUHSPh/A0JwqvrZTnmvZbp7 fWr0mq70uS4tlkNIUlAYlg7QwLZrW24k5V6ntjFmBqut10CYIIS8ln8e6WIg -----END CERTIFICATE-----
Actual environment Expires 25/08/2017 18:20:41(JST)
-----BEGIN CERTIFICATE----- MIICMDCCAZmgAwIBAgIJAKgXukluiO9rMA0GCSqGSIb3DQEBBQUAMBsxGTAXBgNV BAMTEG1iZ2EtcGxhdGZvcm0uanAwHhcNMTUwNzE0MDkyMDQxWhcNMTcwODI1MDky MDQxWjAbMRkwFwYDVQQDExBtYmdhLXBsYXRmb3JtLmpwMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDJiPISeGA1qFk3iCX/71yYN7DiHQhkkcEokr0WiOoHXEMH bq25kb2oMFrUthS3FldzlCJQl6qfYcI2Q48LFoLjaaORkhNuW5WzqvRQSezyRBNS 3Z8LBmlEkqBnwLMA3BQTtgNctMajEzRGxd/1eLg4bQwpjVwzokxBVjNDZNh3dwID AQABo3wwejAdBgNVHQ4EFgQUDGmQcD11YTlCXrGvuwbeO2g9tR0wSwYDVR0jBEQw QoAUDGmQcD11YTlCXrGvuwbeO2g9tR2hH6QdMBsxGTAXBgNVBAMTEG1iZ2EtcGxh dGZvcm0uanCCCQCoF7pJbojvazAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA A4GBAKlQHWdvTwezlK5iyeF5485nhPwR2EvtlfQ8SUjq5DWDC6Vwc/W/BxVHNFSg mXkYwrvQCBjTyAt691vprqgusxq5eUrxBV+BWySjLQOkTBpU82N96qDicidzbylw yESjbXbeMeZIZ6p3W19HrQEzwKd0KMWy6a81S46Oowh4HXhU -----END CERTIFICATE-----
Revision History
- 24/07/2015
- Updated public key.
- 24/07/2013
- Updated public key.
- 12/2010
- Initial Release.