Skip to main content

HMAC Request Signing

Comments

9 comments

  • Official comment
    Support

    OAuth1a is available in C#, Java, Android, PHP, Ruby, iOS. We can add this support in remaining languages if needed. Just let us know :)

  • Support

    Hi, we already support OAuth1a, which uses HMACSHA1 signing in many languages. Do you have a custom signing process?

    0
  • J Balakrishnan

    Hi Zeeshan,

    I don't have a custom signing process. I think I can use the OAuth 1 version for the API that we're writing.

    I did not go through the full list and dint realize that OAuth is doing hmac.

    Thank you for the immediate response.

    0
  • J Balakrishnan

    Hi,

    Is it possible to do the HMAC signing process but without all the oauth headers.

    Generate AccessKey and SecretKey fields - Generate nonce and sign the request body
    Add the HMAC Signature as a customized Http Header in the form:- Authorization: Hmac accessKey:Signature
    Add the Nonce as a Http Header

    If the oauth code is a utility when the sdk is generated, then can I possibly customize the oauth code? That might be quicker instead of you writing a whole new authentication type.

    0
  • Support

    Hi. Yes you are right, implementing a new AuthType might take a while for us to implement due to the backlog. However if you are willing to edit the generated code then it should be easy.

    If you set Authentication to OAuth1 TokenSecret, you should already see an OAuthUtility class in the generated code. That class has the code for computing HMAC signatures and nonce etc. It should be straight forward to edit the class. Does that answer your question?

    0
  • J Balakrishnan

    Yes it does.

    I did a sample api and downloaded the sdk for a single language. The oauth utility is separate and it can be edited easily. If the same pattern is there for all languages, then I can definitely get it done.

    I'll play around with the code generator and will ask for help if I bump into any problems.

    Again thanks for the quick response.

    0
  • Support

    Yes, we have the same design pattern for OAuth1 in C#, Java, Android, PHP, Ruby, iOS. Other languages like Python, Go, and JS are currently lacking this auth type implementation. But I am sure we can add this support if you need it :)

    0
  • J Balakrishnan

    No point having it in JS unless its for nodejs server. The whole idea of HMAC is to protect secret :)

    I'm looking at only C#, Ruby, Python, Java, PHP and Go. Go is not urgent anyways :)

    Thank you.

    0
  • Support

    Haha, yes you are right. But I have seen some JS with embedded API Keys. Anyways, once you are done with other languages, I will get someone to look at HMAC signing in Python. Should be straight forward. Best of luck!

    0

Please sign in to leave a comment.