Make Request to external servers

gadgets.io.makeRequest()

In the Mobage open platform, user profile information, social statistics information, and so forth is provided through an API. However, in OpenSocial, an API is provided so that unique partner information and a lot of other information on the Internet beyond the above can also be utilized. gadgets.io.makeRequest() method is an API for making these possible.

The communication port is currently restricted to No. 80 or No. 443.

Unsigned requests

The following code is used particularly for making unsigned requests to external services.

  • Specify POST as the HTTP method.
  • Covert the acquired contents into JSON format.
  • Specify the body parameters to be posted.
  • When the external server URL and response are returned, the callback function that is called is made an argument and gadgets.io.makeRequest() is called.
  • Process the response contained in the callback function argument.

Specifying the cache period

By default, the acquisition results of gadgets.io.makeRequest() are cached on the container side for 3,600 seconds. This timeframe can be changed by specifying the gadgets.io.RequestParameters.REFRESH_INTERVAL. Caching can be turned off by setting this value to 0. Caching is only performed when the HTTP method is GET. Caching is not performed in the Sandbox environment, so here the REFRESH_INTERVAL is ignored.

Signed requests

Depending on the data provided by the external server, it may be necessary to confirm the validity of a request from the Mobage open platform (verification of request sender, verification that the request was not falsified). That is why there is a function for adding a signature to a request before sending it in gadgets.io.makeRequest().

An OAuth signature is added to a request by specifying gadgets.io.AuthorizationType.SIGNED for gadgets.io.RequestParameters.AUTHORIZATION as follows.

In the Mobage open platform, a request is sent with the following parameters by adding AuthorizationType.SIGNED.

oauth_body_hash

OAuth Request Body Hash value

opensocial_owner_id

OWNER ID

opensocial_viewer_id

VIWER ID

opensocial_app_id

Application ID

opensocial_app_url

Gadget XML URL

oauth_consumer_key

Consumer key (Sandbox: sb.mbga-platform.jp / Service mbga-platform.jp)

xoauth_public_key

Public key ID (Sandbox: sb.mbga-platform.jp / Service mbga-platform.jp)

oauth_version

OAuth version

oauth_timestamp

Timestamp

oauth_signature_method

The signature method is fixed to RSA-SHA1.

oauth_nonce

Random string

oauth_signature

OAuth signature

By using these parameters, a signature can be verified and the validity of a request can be checked.

Signature verification

Signatures are made using OAuth. The details are as follows.

http://docs.opensocial.org/display/OSREF/Validating+Signed+Requests

In order to verify a request signed with RSA-SHA1, the public key that is paired with the signed secret key must be used. In the Mobage open platform, two different public keys are arranged: one for the Sandbox environment and one for the actual environment.

Sandbox environment Expires 25/08/2017 18:19:46(JST)

-----BEGIN CERTIFICATE-----
MIICOTCCAaKgAwIBAgIJAK3cE459+jV9MA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNV
BAMTE3NiLm1iZ2EtcGxhdGZvcm0uanAwHhcNMTUwNzE0MDkxOTQ2WhcNMTcwODI1
MDkxOTQ2WjAeMRwwGgYDVQQDExNzYi5tYmdhLXBsYXRmb3JtLmpwMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDZ8xJKX1rPli72IF2L+tRV9Tk1c2kRixEEwzxR
T2bz37w/8XJQaMVxtFQMCYqquZUmHDss4JgF/prE4HGnX0j6x9MZUrt0k2VzDINm
Y+F61QJZCLqqy5MBxR9Dyu87DucPf7WsP3C1EMrfB8c29qVT7is+pMuYDowmsPql
eJ4pswIDAQABo38wfTAdBgNVHQ4EFgQUtNIqfC+B1PmcIhDmIA8+QxALZU4wTgYD
VR0jBEcwRYAUtNIqfC+B1PmcIhDmIA8+QxALZU6hIqQgMB4xHDAaBgNVBAMTE3Ni
Lm1iZ2EtcGxhdGZvcm0uanCCCQCt3BOOffo1fTAMBgNVHRMEBTADAQH/MA0GCSqG
SIb3DQEBBQUAA4GBALOFgNEL5x7tdorlPjwVlOSMZu+xgDR6oVmDEz+nYYBn1E2X
a3Td6+h1tgrkkPUIh8ydDdPQh1yKdAX0QSFifXXf3hUHSPh/A0JwqvrZTnmvZbp7
fWr0mq70uS4tlkNIUlAYlg7QwLZrW24k5V6ntjFmBqut10CYIIS8ln8e6WIg
-----END CERTIFICATE-----

Actual environment  Expires 25/08/2017 18:20:41(JST)

-----BEGIN CERTIFICATE-----
MIICMDCCAZmgAwIBAgIJAKgXukluiO9rMA0GCSqGSIb3DQEBBQUAMBsxGTAXBgNV
BAMTEG1iZ2EtcGxhdGZvcm0uanAwHhcNMTUwNzE0MDkyMDQxWhcNMTcwODI1MDky
MDQxWjAbMRkwFwYDVQQDExBtYmdhLXBsYXRmb3JtLmpwMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDJiPISeGA1qFk3iCX/71yYN7DiHQhkkcEokr0WiOoHXEMH
bq25kb2oMFrUthS3FldzlCJQl6qfYcI2Q48LFoLjaaORkhNuW5WzqvRQSezyRBNS
3Z8LBmlEkqBnwLMA3BQTtgNctMajEzRGxd/1eLg4bQwpjVwzokxBVjNDZNh3dwID
AQABo3wwejAdBgNVHQ4EFgQUDGmQcD11YTlCXrGvuwbeO2g9tR0wSwYDVR0jBEQw
QoAUDGmQcD11YTlCXrGvuwbeO2g9tR2hH6QdMBsxGTAXBgNVBAMTEG1iZ2EtcGxh
dGZvcm0uanCCCQCoF7pJbojvazAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4GBAKlQHWdvTwezlK5iyeF5485nhPwR2EvtlfQ8SUjq5DWDC6Vwc/W/BxVHNFSg
mXkYwrvQCBjTyAt691vprqgusxq5eUrxBV+BWySjLQOkTBpU82N96qDicidzbylw
yESjbXbeMeZIZ6p3W19HrQEzwKd0KMWy6a81S46Oowh4HXhU
-----END CERTIFICATE-----

Revision History

  • 24/07/2015
    • Updated public key.
  • 24/07/2013
    • Updated public key.
  • 12/2010
    • Initial Release.

PREVIOUS

LifeCycleEvent

NEXT

Displaying Flash Content