I’m working on integrating an API that requires HMAC-SHA256 signature authentication, along with a timestamp (in GMT), in the request headers. This is a common pattern I’ve seen with some booking and marketplace APIs.
How do you dynamically generate timestamps in GMT (RFC 1123) format in Bubble?
Best approach to build the “string-to-sign” and HMAC-SHA256 signature (in workflows vs. API Connector)?
Any tips on setting up HMAC-SHA256 with timestamps for APIs like this?
Would really appreciate any guidance or examples if someone has tackled this before.
When I need this type of auth, most of the time I do this:
Create a plugin for the call auth that handle all request type. This plugin will have field for body and request type (GET, POST…).
In the plugin (that need to be a server side plugin), you will generate the signature and the timestamp. In most case, I will return 3 things: timestamp, signature and Body. I use that after to API using API Connector so I can use Bubble feature to parse the response.
