API header HMAC SHA-1 Base 64

edward.w.douglas · January 12, 2021, 9:19am

Hi All,

I am trying to connect to an API that requires the following:

The date the request was created in UTC, on the format "yyyy-MM-dd HH:mm:ss
The access key from the API key set.
An HMAC signature created using the secret key from the API key set

Create a string by concatenating the following:

The date as specified in the header.
The access key.
The HTTP method in upper case.
The path (including query string) to the web service being called. Please note, only the path, not the scheme or hostname.

Create a signature with the secret key, taking the concatenated string as input, using the “HmacSHA1” algorithm.
Base64 encode the signature.

So I have done all the above, however I am not sure if my SHA-1 digest with Base 64 is correct. The error returned: Invalid signature.

Can anyone see if I have done this correctly?:

In my screenshot input final contains date in UTC, on the format "yyyy-MM-dd HH:mm:ss + Accesskey + HTTP method + path

The issue is that I can not see the value of the result for the SHA1 digest with Base 64 so I can not compare with other online calculators if the value is correct

edward.w.douglas · January 12, 2021, 9:28am

I make my question easier:

Here is an example string:

2013-11-09 14:33:46de235a6a15c340b6b1e1cb5f3687d04aPOST/activity.json/search?lang=EN&currency=ISK

Secret key: 23e2c7da7f7048e5b46f96bc91324800

The question is would the integrated SHA-1 digest with Base 64 result in : XrOiTYa9Y34zscnLCsAEh8ieoyo=

as this is the method I am trying to achieve

edward.w.douglas · January 12, 2021, 2:20pm

After some googleing I figured out a way using toolbox and the below serverside script:

const crypto = require('crypto')

const text = 'I love cupcakes'
const key = 'abcdeg'

crypto.createHmac('sha1', key)
  .update(text)
  .digest('base64')