The signature is built by applying a keyed-HMAC (Hash Message Authentication Code) on parameter string prefixed by the REST API path. The secretKey is provided as a parameter to the keyed-HMAC method. For each field-value pair (as separated by a '&') in the Parameter String, URL, encode each value so that it can be safely sent via HTTP GET.

Note: Make sure all spaces are encoded as "%20".

1. Make the entire Parameter String in lowercase and sort it alphabetically via the field for each field-value pair.

=1368420672402&apikey=mivr6x7u6bn_sdahobpjnejpgest35exq-jb8cg20yi3yaxxcgpyuairmfi_ejtvwz0nukkjbpmy3y2bcikwfq

2. Prefix the parameter string with the REST API path as shown below:

/foo_=1368420672402&apikey=mivr6x7u6bn_sdahobpjnejpgest35exq-jb8cg20yi3yaxxcgpyuairmfi_ejtvwz0nukkjbpmy3y2bcikwfq

3. Take the prefixed Parameter String and run it through the HMAC SHA-1 hashing algorithm with the user's Secret Key. After reconstructing, the final URL appears as follows:

http://localhost:8080/portal/api/foo?=1368420672402&apiKey=mivr6x7u6bn_sdahobpjnejpgest35exq-jb8cg20yi3yaxxcgpyuairmfi_ejtvwz0nukkjbpmy3y2bcikwfq&signature=Cxx1DN401BjmXU%2FcaiK8RAPo02xU%3D

Sample Code to Generate Signature

public String signRequest(String parameterString, String SecretKey) { 
try { 
Mac mac = Mac.getInstance("HmacSHA1"); 
SecretKeySpec keySpec = new SecretKeySpec(SecretKey.getBytes(), "HmacSHA1"); 
mac.init(keySpec); 
mac.update(parameterString.getBytes()); 
byte[] encryptedBytes = mac.doFinal(); 
return URLEncoder.encode(Base64.encodeBytes(encryptedBytes), "UTF-8"); 
} catch (Exception ex) { 
logger.debug(ex); 
} 
return null; 
}