UserSig is a security protection signature designed by Tencent Cloud for its cloud services. It is a login credential that is encrypted by a combination of SDKAppID and SecretKey.
Formal production environment
Method 1: Use in formal environment
The correct way to issue UserSig is to integrate the UserSig calculation code into your server and provide a project-oriented interface. When a UserSig is needed, your project initiates a request to the business server to obtain a dynamic UserSig. For more details, please see Server-side generated UserSig.
Local debugging
Method 2: Obtain from console, refer to to obtain temporary userSig
Method 3: Deploy temporary generation script
This method is to configure SECRETKEY in the front-end code. In this method, SECRETKEY can be easily decompiled and reversely cracked. Once your key is leaked, the attacker can steal your Tencent Cloud traffic, so this method only Suitable for local run-through function debugging, please deploy on the server side for formal environment.
To facilitate initial debugging, we provide a toolkit that can generate userSig. You can click here Download here. Put it into your project, and after introducing it, you can temporarily use the genTestUserSig(params) function in GenerateTestUserSig-es.js to calculate the signature:
import introduction
import { genTestUserSig } from "./debug/GenerateTestUserSig-es.js";
const { userSig } = genTestUserSig({ userID: "Alice", SDKAppID: 0, SecretKey: "YOUR_SECRETKEY" });
script introduction
<script type="module">
import { genTestUserSig } from "../debug/GenerateTestUserSig-es.js";
window.genTestUserSig = genTestUserSig;
</script>