<blockquote>
<p><strong>Question</strong>: I need to have something like a timestamp of the request included in the signature</p>
</blockquote>
<p>例如:</p>
<pre><code>import hmac, hashlib, datetime
api_key = 'this is a key'
fetch_path = 'http://phone_messages/pending'
fetch_body = '{}'
fetch_data = fetch_path + ':' + fetch_body
for n in range(3):
fetch_signature = fetch_data + str(datetime.datetime.now().timestamp() )
fetch_hmac = hmac.new(api_key.encode('utf-8'), fetch_signature.encode('utf-8'), hashlib.sha1).hexdigest()
print("{}:{} {}".format(n, fetch_signature, fetch_hmac))
</code></pre>
<blockquote>
<p><strong>Output</strong>:</p>
<pre><code>0:http://phone_messages/pending:{}1538660666.768066 cfa49feaeaf0cdc5ec8bcf1057446c425863e83a
1:http://phone_messages/pending:{}1538660666.768358 27d0a5a9f33345babf0c824f45837d3b8863741e
2:http://phone_messages/pending:{}1538660666.768458 67298ad0e9eb8bb629fce4454f092b74ba8d6c66
</code></pre>
</blockquote>
<p>我建议在<a href="https://security.stackexchange.com/search?q=auth+spoof#">security.stackexchange.com</a>讨论<strong>安全性</strong>。<br/>
作为起点,阅读:<a href="https://security.stackexchange.com/questions/56716/what-is-a-auth-key-in-the-security-of-the-computers">what-is-a-auth-key-in-the-security-of-the-computers</a></p>