Make Request to external servers
In the Mobage open platform, user profile information, social statistics information, and so forth is provided through an API. However, in OpenSocial, an API is provided so that unique partner information and a lot of other information on the Internet beyond the above can also be utilized. gadgets.io.makeRequest() method is an API for making these possible.
The communication port is currently restricted to No. 80 or No. 443.
The following code is used particularly for making unsigned requests to external services.
- Specify POST as the HTTP method.
- Covert the acquired contents into JSON format.
- Specify the body parameters to be posted.
- When the external server URL and response are returned, the callback function that is called is made an argument and gadgets.io.makeRequest() is called.
- Process the response contained in the callback function argument.
Specifying the cache period
By default, the acquisition results of gadgets.io.makeRequest() are cached on the container side for 3,600 seconds. This timeframe can be changed by specifying the gadgets.io.RequestParameters.REFRESH_INTERVAL. Caching can be turned off by setting this value to 0. Caching is only performed when the HTTP method is GET. Caching is not performed in the Sandbox environment, so here the REFRESH_INTERVAL is ignored.
Depending on the data provided by the external server, it may be necessary to confirm the validity of a request from the Mobage open platform (verification of request sender, verification that the request was not falsified). That is why there is a function for adding a signature to a request before sending it in gadgets.io.makeRequest().
An OAuth signature is added to a request by specifying gadgets.io.AuthorizationType.SIGNED for gadgets.io.RequestParameters.AUTHORIZATION as follows.
In the Mobage open platform, a request is sent with the following parameters by adding AuthorizationType.SIGNED.
OAuth Request Body Hash value
Gadget XML URL
Consumer key (Sandbox: sb.mbga-platform.jp / Service mbga-platform.jp)
Public key ID (Sandbox: sb.mbga-platform.jp / Service mbga-platform.jp)
The signature method is fixed to RSA-SHA1.
By using these parameters, a signature can be verified and the validity of a request can be checked.
Signatures are made using OAuth. The details are as follows.
In order to verify a request signed with RSA-SHA1, the public key that is paired with the signed secret key must be used. In the Mobage open platform, two different public keys are arranged: one for the Sandbox environment and one for the actual environment.
Sandbox environment Expires 25/08/2017 18:19:46(JST)
Actual environment Expires 25/08/2017 18:20:41(JST)
- Updated public key.
- Updated public key.
- Initial Release.