Generating the Signature
The signature is built by applying a keyed-HMAC (Hash Message Authentication Code) on parameter string prefixed by the REST API path. The secretKey is provided as a parameter to the keyed-HMAC method. For each field-value pair (as separated by a '&') in the Parameter String, URL, encode each value so that it can be safely sent via HTTP GET.
Note: Make sure all spaces are encoded as "%20".
1. Make the entire Parameter String in lowercase and sort it alphabetically via the field for each field-value pair.
=1368420672402&apikey=mivr6x7u6bn_sdahobpjnejpgest35exq-jb8cg20yi3yaxxcgpyuairmfi_ejtvwz0nukkjbpmy3y2bcikwfq
2. Prefix the parameter string with the REST API path as shown below:
/foo_=1368420672402&apikey=mivr6x7u6bn_sdahobpjnejpgest35exq-jb8cg20yi3yaxxcgpyuairmfi_ejtvwz0nukkjbpmy3y2bcikwfq
3. Take the prefixed Parameter String and run it through the HMAC SHA-1 hashing algorithm with the user's Secret Key. After reconstructing, the final URL appears as follows:
Sample Code to Generate Signature
public String signRequest(String parameterString, String SecretKey) {
try {
Mac mac = Mac.getInstance("HmacSHA1");
SecretKeySpec keySpec = new SecretKeySpec(SecretKey.getBytes(), "HmacSHA1");
mac.init(keySpec);
mac.update(parameterString.getBytes());
byte[] encryptedBytes = mac.doFinal();
return URLEncoder.encode(Base64.encodeBytes(encryptedBytes), "UTF-8");
} catch (Exception ex) {
logger.debug(ex);
}
return null;
}
Comments