HMAC Request Signing

Comments

9 comments

  • Official comment
    Support

    OAuth1a is available in C#, Java, Android, PHP, Ruby, iOS. We can add this support in remaining languages if needed. Just let us know :)

    Comment actions Permalink
  • Support

    Hi, we already support OAuth1a, which uses HMACSHA1 signing in many languages. Do you have a custom signing process?

    0
    Comment actions Permalink
  • J Balakrishnan

    Hi Zeeshan,

    I don't have a custom signing process. I think I can use the OAuth 1 version for the API that we're writing.

    I did not go through the full list and dint realize that OAuth is doing hmac.

    Thank you for the immediate response.

    0
    Comment actions Permalink
  • J Balakrishnan

    Hi,

    Is it possible to do the HMAC signing process but without all the oauth headers.

    Generate AccessKey and SecretKey fields - Generate nonce and sign the request body
    Add the HMAC Signature as a customized Http Header in the form:- Authorization: Hmac accessKey:Signature
    Add the Nonce as a Http Header

    If the oauth code is a utility when the sdk is generated, then can I possibly customize the oauth code? That might be quicker instead of you writing a whole new authentication type.

    0
    Comment actions Permalink
  • Support

    Hi. Yes you are right, implementing a new AuthType might take a while for us to implement due to the backlog. However if you are willing to edit the generated code then it should be easy.

    If you set Authentication to OAuth1 TokenSecret, you should already see an OAuthUtility class in the generated code. That class has the code for computing HMAC signatures and nonce etc. It should be straight forward to edit the class. Does that answer your question?

    0
    Comment actions Permalink
  • J Balakrishnan

    Yes it does.

    I did a sample api and downloaded the sdk for a single language. The oauth utility is separate and it can be edited easily. If the same pattern is there for all languages, then I can definitely get it done.

    I'll play around with the code generator and will ask for help if I bump into any problems.

    Again thanks for the quick response.

    0
    Comment actions Permalink
  • Support

    Yes, we have the same design pattern for OAuth1 in C#, Java, Android, PHP, Ruby, iOS. Other languages like Python, Go, and JS are currently lacking this auth type implementation. But I am sure we can add this support if you need it :)

    0
    Comment actions Permalink
  • J Balakrishnan

    No point having it in JS unless its for nodejs server. The whole idea of HMAC is to protect secret :)

    I'm looking at only C#, Ruby, Python, Java, PHP and Go. Go is not urgent anyways :)

    Thank you.

    0
    Comment actions Permalink
  • Support

    Haha, yes you are right. But I have seen some JS with embedded API Keys. Anyways, once you are done with other languages, I will get someone to look at HMAC signing in Python. Should be straight forward. Best of luck!

    0
    Comment actions Permalink

Please sign in to leave a comment.