John Davidson

php - Bókun signature generation; what am I missing?

0 comments
Message:


I'm trying to connect to the Bókun Rest API. The documentation says:



Let's say our secret key is 23e2c7da7f7048e5b46f96bc91324800. Now, let's calculate the signature. First select values of the following fields:


Date = 2013-11-09 14:33:46
Access key = de235a6a15c340b6b1e1cb5f3687d04a
HTTP method = POST
Path = /activity.json/search?lang=EN&currency=ISK


So when concatenating the string (date+accesskey+httpmethod+path) becomes:


2013-11-09 14:33:46de235a6a15c340b6b1e1cb5f3687d04aPOST/activity.json/search?lang=EN&> currency=ISK


We then use this, along with the secret key to calculate the HmacSHA1 value for the signature, and Base64 encode it:


X-Bokun-Signature : XrOiTYa9Y34zscnLCsAEh8ieoyo=



So I'm trying to implement this with PHP but hit a rock wall, because the signature does not match the output of the test tool. This is my implementation:


$access_key = 'my_access_key';

$secret_key = 'my_secret_key';

$method = 'POST';

$path = '/activity.json/search?currency=EUR&lang=FI';

$date = '2022-08-31 12:00:00';



$signature_base = $date . $access_key . $method . $path;

$signature = hash_hmac('sha1', $signature_base, $secret_key, true);

$signature_sha1 = sha1($signature_base); // This is for test purposes

$signature_base64 = base64_encode($signature);



echo $signature_base; // 2022-08-31 12:00:00my_access_keyPOST/activity.json/search?currency=EUR&lang=FI

echo $signature_sha1; // 3e81b830958602b54419c61070582519460c36c6

echo $signature_base64; // 5q22t52R0qHk43ssRHs6kyLBSiw=

Then, these are the values I entered into the test tool:


This is the test tool output:



hex: 3e81b830958602b54419c61070582519460c36c6




HEX: 3E81B830958602B54419C61070582519460C36C6




h:e:x: 3e:81:b8:30:95:86:02:b5:44:19:c6:10:70:58:25:19:46:0c:36:c6




base64: PoG4MJWGArVEGcYQcFglGUYMNsY=



What is interesting is that the hex output matches my test SHA1 hash but the base64 does not and I do not understand why. It leads me to suspect the output of hash_hmac but what am I doing wrong? I tried to use both false and true as the last (4th) argument. With false the base64 encoded output does not resemble the example in the documentation. It has too many characters in comparison. With true the resemblance is the same but the value is not.


My Answer:
PHP is a popular server-side scripting language used for web development. It is often used to create dynamic web pages and can interact with databases to retrieve and store information. PHP code is embedded within HTML code and is processed on the server before being sent to the client's web browser.

Rate this post

5 of 5 based on 9886 votes

Comments



© 2024 Hayatsk.info - Personal Blogs Platform. All Rights Reserved.
Create blog  |  Privacy Policy  |  Terms & Conditions  |  Contact Us