API header HMAC SHA-1 Base 64

Hi All,

I am trying to connect to an API that requires the following:

  • The date the request was created in UTC, on the format "yyyy-MM-dd HH:mm:ss
  • The access key from the API key set.
  • An HMAC signature created using the secret key from the API key set
  1. Create a string by concatenating the following:
  • The date as specified in the header.
  • The access key.
  • The HTTP method in upper case.
  • The path (including query string) to the web service being called. Please note, only the path, not the scheme or hostname.
  1. Create a signature with the secret key, taking the concatenated string as input, using the “HmacSHA1” algorithm.
  2. Base64 encode the signature.

So I have done all the above, however I am not sure if my SHA-1 digest with Base 64 is correct. The error returned: Invalid signature.

Can anyone see if I have done this correctly?:



In my screenshot input final contains date in UTC, on the format "yyyy-MM-dd HH:mm:ss + Accesskey + HTTP method + path

The issue is that I can not see the value of the result for the SHA1 digest with Base 64 so I can not compare with other online calculators if the value is correct

1 Like

I make my question easier:

Here is an example string:

2013-11-09 14:33:46de235a6a15c340b6b1e1cb5f3687d04aPOST/activity.json/search?lang=EN&currency=ISK

Secret key: 23e2c7da7f7048e5b46f96bc91324800

The question is would the integrated SHA-1 digest with Base 64 result in : XrOiTYa9Y34zscnLCsAEh8ieoyo=

as this is the method I am trying to achieve

After some googleing I figured out a way using toolbox and the below serverside script:

const crypto = require('crypto')

const text = 'I love cupcakes'
const key = 'abcdeg'

crypto.createHmac('sha1', key)