# 接口授权

## API Key 和 Secret的获取

### 创建新的密钥

系统管理员登录到 Elven 系统，在「项目设置-开放 API」列表，创建新的密钥

<figure><img src="/files/LTWpCVpqr0yNjl7eiYBH" alt=""><figcaption></figcaption></figure>

在弹出的窗口中，给密钥进行命名，选择当前密钥在哪个主体下生效，并配置具体接口的权限。

<figure><img src="/files/D0NVIp5iOeEkhFJzOgjq" alt=""><figcaption></figcaption></figure>

点击创建按钮，新创建的密钥信息会显示在密钥列表中。

### 将API Key 和 Secret的发送给研发人员

点击密钥列表中 Key 和 Secret 后面的复制按钮，即可复制对应信息。分别发送给研发人员即可。

<figure><img src="/files/wHkdV5pMaMrhxg9dwCuR" alt=""><figcaption></figcaption></figure>

## 接口授权的使用 <a href="#elven-api-sign" id="elven-api-sign"></a>

在请求头中提供以下参数

```
elven-api-key  获取到的授权 apiKey
elven-api-sign  base64格式的签名, 例如 LVT5aXA9064gpgZrPXPLJB/Aq9r45yMF10sTZQTteyE=
elven-api-timestamp 以毫秒格式的时间戳, 例如 1721209655047，过期时间是30秒
```

其他sign的算法如下, 把 时间戳, 请求方式, 请求路由拼在一起, 使用secret进行 HMAC SHA256的加密

```javascript
// crypto 采用了 https://github.com/nodejs/node/blob/v16.9.0/lib/crypto.js 库
  /**
   * 生成签名
   * apiSecret: BjGiqCWfHGCrl065dlEBWFO5vLj7Hqiexxx,
   * timestamp: 1721205912758
   * method POST
   *  path  /open/v3/businessData
   */
  buildSign(apiSecret: string, timestamp: number, method: string, path: string) {
    const str = `${timestamp}${method}${path}`
    return crypto.createHmac('sha256', apiSecret).update(str).digest('base64')
  }

```

示例 1

```javascript
[
  'D7JLJ3awwrTdNXtSrPI1GlYE', // key
  'BjGiqCWfHGCrl065dlEBWFO5vLj7Hqie', // secret
  'POST', // method 一定是大写的
  '/open/v3/businessData' // 不能带域名, 只能以 '/' 开始的的path部分
]
{
  'elven-api-key': 'D7JLJ3awwrTdNXtSrPI1GlYE',
  'elven-api-sign': 'LVT5aXA9064gpgZrPXPLJB/Aq9r45yMF10sTZQTteyE=',
  'elven-api-timestamp': 1721209655047
}
```

示例 2

```javascript
[
  'D7JLJ3awwrTdNXtSrPI1GlYE', // key
  'BjGiqCWfHGCrl065dlEBWFO5vLj7Hqie', // secret
  'POST', // method, must be uppercase
  '/open/v3/transaction/source?page=1&limit=10' // path, must start with '/' and with query
]
// headers
{
  'elven-api-key': 'D7JLJ3awwrTdNXtSrPI1GlYE',
  'elven-api-sign': '/AHTH8m1/ZAuPqRNXCzY+iTvmCzjV+IiX0+T/WEsYrg=',
  'elven-api-timestamp': 1721209655047
}
```

示例 python 脚本

{% file src="/files/sfXkVbQGaICB44MTo38b" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.elven.com/v3/chinese/openapi/jie-kou-shou-quan.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.