I want to use the Magento 1.x REST API to obtain all the products from the webshop. It uses OAUTH1 but I have some trouble getting it to work using PHP and Guzzle. I have the following information:
$consumerKey = '..';
$consumerSecret = '..';
$token = '..';
$tokenSecret = '..';
Using Postman I can already obtain all the products so I know for sure that the values are correct. My question now is how do I create the signature? I have the following code but it seems to be wrong:
private function buildSignature()
{
$nonce = uniqid(mt_rand(1, 1000));
$timestamp = time();
$consumerKey = 'xx';
$consumerSecret = 'xx';
$token = 'xx';
$tokenSecret = 'xx';
$base = 'GET&'. rawurlencode('https://www.magentoshop.com/api/rest/products') .'&'.
rawurlencode('oauth_consumer_key='. $consumerKey) .'&'.
rawurlencode('oauth_nonce='. $nonce) .'&'.
rawurlencode('oauth_signature_method=HMAC-SHA1') .'&'.
rawurlencode('oauth_timestamp='. $timestamp) .'&'.
rawurlencode('oauth_token='. $token) .'&'.
rawurlencode('oauth_version=1.0')
;
$key = rawurlencode($consumerSecret) .'&'. rawurlencode($tokenSecret);
return base64_encode(hash_hmac('sha1', $base, $key, true));
}
The response I get is always: "{"messages":{"error":[{"code":401,"message":"oauth_problem=signature_invalid"}]}}"
What am I doing wrong?
maybe you can review links
https://magento.stackexchange.com/questions/147319/error-oauth-problem-signature-invalid-for-post
http://developer.pearson.com/creating-and-using-oauth-10a-signature
Related
i want to generate the signature this code gives me using simple php with no oauth class:
$oauth = new OAuth($my_key, $my_secret);
$bodyHash = base64_encode(sha1($body_content, true)); //contains the body
$sig = $oauth->generateSignature('GET', $url, Array("oauth_body_hash" => $bodyHash));
what i have done so far is this:
$bodyHash = base64_encode(sha1($xml, true));
$result_data = array(
'oauth_body_hash' => $bodyHash
);
$result_data_keys = array_keys($result_data);
sort($result_data_keys);
$launch_params = array();
foreach ($result_data_keys as $key) {
array_push($launch_params, $key . "=" . rawurlencode($result_data[$key]));
}
$base_string = "POST&" . urlencode($sUrl) . "&" . rawurlencode(implode("&", $launch_params));
$signature = base64_encode(hash_hmac("sha1", $base_string, $my_secret, true));
but im not getting the same signature!
this is the simplified version of the problem i have posted earlier here: Building a body signed oauth xml request for LTI Outcomes service
any idea what im doing wrong?
I am trying to generate the Authorization header for quickbook online in Auth1.0, Here is my code. But when I trying to use API, it refuses the signature. Can anyone point out the error, please?
<?php
$method = "POST";
$QBO_SANDBOX_URL= "https://sandbox-quickbooks.api.intuit.com/";
$company_id = "123145773232334";
$consumerKey = "qyprdww4dFum0345345ffKla4dEa9HJ";
$consumerSecret = "57d5qY4sdmeUPertBgPtYBoeKYu9z6ip0XhXBhg";
$accessTokenKey = "qyprdgLFTNax4qv8zpA6fWUdkUunuvIfAK5LWsCUBDKyiB7p";
$accessTokenSecret = "HuEoqCQk01SKRgqRBZzEvhZvO5RIdWihK6vWodwG";
$query = "Select * from Account STARTPOSITION 1 MAXRESULTS 5";
$time = time();
$base = $method.'&'.rawurlencode($QBO_SANDBOX_URL.'v3/company/'.$company_id).'&'
.rawurlencode("oauth_consumer_key=".rawurlencode($consumerKey)
.'&oauth_nonce='.rawurlencode('34604g54654y456546')
.'&oauth_signature_method='.rawurlencode('HMAC-SHA1')
.'&oauth_timestamp='.rawurlencode($time)
.'&oauth_token='.rawurlencode($accessTokenKey)
.'&oauth_version='.rawurlencode('1.0')
.'&'.rawurlencode($query));
$key = rawurlencode($consumerSecret.'&'.$accessTokenSecret);
$signature = base64_encode(hash_hmac("sha1", $base, $key, true));
$auth = 'OAuth oauth_token="'.$accessTokenKey.'",oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456",oauth_consumer_key="'.$consumerKey.'",oauth_signature_method="HMAC-SHA1", oauth_timestamp="'.$time.'",oauth_version ="1.0",oauth_signature="'.$signature.'"';
echo $auth;
?>
I'm making app-to-phone app using Sinch.
I'm successfully providing the callback for ICE and ACE event without request signin.
But now, when I try to sign the request to make it more secure, it always fails to meet the requirement
I get my code from here : Trouble with authorization request
It works when I try to use data and application key from https://www.sinch.com/using-rest/#callbackrequestsigning
But when I try to use real data, it always fail.
$key = "xxxxxx-xxxx-xxxx-xxxx-xxxxxxx";
$secret = 'my-app-secret';
$body = $request->getContent();
$timestamp = $request->input('timestamp');
$path = '/sinch/callback/' . $callbackType;
$content_type = "application/json";
$canonicalized_headers = "x-timestamp:" . $timestamp;
$content_md5 = base64_encode( md5( utf8_encode($body), true ));
$string_to_sign =
"POST\n".
$content_md5."\n".
$content_type."\n".
$canonicalized_headers."\n".
$path;
$signature = base64_encode(hash_hmac("sha256", utf8_encode($string_to_sign), base64_decode($secret), true));
$authorizationHeader = $request->header('Authorization');
$sinchAuthorizationHeader = str_replace('Application ', '', $authorizationHeader);
$sinchAuthorizationHeader = explode(':', $sinchAuthorizationHeader);
if($sinchAuthorizationHeader[0] == $key && $signature == $sinchAuthorizationHeader[1]) {
return true;
}
return false;
Any help would be appreciated.
Using the default Tumblr v2 API, I'm able to connect to my application, and retrieve posts from my own account. However, I'd like users to be able to connect their own accounts. I've tried to figure this out but I'm not entirely sure how to use OAuth (im using this class). How is this done?
The code I'm using to retrieve dashboard posts is:
$consumerKey = 'xxx';
$consumerSecret = 'xxx';
$tumblr = new Tumblr\API\Client(
$consumerKey,
$consumerSecret
);
var_dump( $tumblr->getDashboardPosts() ); // using var_dump for testing purposes only
This code works, but it's only returning the code for my PERSONAL account.
I figured it out, thanks to Github user seejohnrun.
require_once 'include/util.php';
$consumerKey = 'XXX';
$consumerSecret = 'XXX';
$client = new Tumblr\API\Client($consumerKey, $consumerSecret);
$requestHandler = $client->getRequestHandler();
$requestHandler->setBaseUrl('https://www.tumblr.com/');
// If we are visiting the first time
if (!$_GET['oauth_verifier']) {
// grab the oauth token
$resp = $requestHandler->request('POST', 'oauth/request_token', array());
$out = $result = $resp->body;
$data = array();
parse_str($out, $data);
// tell the user where to go
echo ' GO ';
$_SESSION['t']=$data['oauth_token'];
$_SESSION['s']=$data['oauth_token_secret'];
} else {
$verifier = $_GET['oauth_verifier'];
// use the stored tokens
$client->setToken($_SESSION['t'], $_SESSION['s']);
// to grab the access tokens
$resp = $requestHandler->request('POST', 'oauth/access_token', array('oauth_verifier' => $verifier));
$out = $result = $resp->body;
$data = array();
parse_str($out, $data);
// and print out our new keys we got back
$token = $data['oauth_token'];
$secret = $data['oauth_token_secret'];
echo "token: " . $token . "<br/>secret: " . $secret;
// and prove we're in the money
$client = new Tumblr\API\Client($consumerKey, $consumerSecret, $token, $secret);
$info = $client->getUserInfo();
echo "<br/><br/>congrats " . $info->user->name . "!";
}
I try to make private API requests for Yahoo. I used the code below but it does not work. It always returns the message 'invalid sig'.
Can you help me with a Two-legged OAuth Yahoo PHP example that works?
Thank you very much.
<?php // a super-stripped down 2-leg oauth server/client example
//http://oauth.net/code/
//http://oauth.googlecode.com/svn/code/php/OAuth.php
require 'oauth.php';
$key = 'key';
$secret = 'secret';
$consumer = new OAuthConsumer($key, $secret);
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
if ($_GET['server']) {
$method = $_SERVER['REQUEST_METHOD'];
$uri = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$sig = $_GET['oauth_signature'];
$req = new OAuthRequest($method, $uri);
// token is null because we're doing 2-leg
$valid = $sig_method->check_signature($req, $consumer, null, $sig);
if (!$valid) {
die('invalid sig');
}
echo 'orale!';
}
else {
// call this file
$api_endpoint = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
// handle request in 'server' block above
$parameters = array(
'server' => 'true');
// use oauth lib to sign request
$req = OAuthRequest::from_consumer_and_token($consumer, null, "GET", $api_endpoint, $parameters);
$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
$req->sign_request($sig_method, $consumer, null); // note: double entry of token
// get data using signed url
$ch = curl_init($req->to_url());
curl_exec($ch);
curl_close($ch);
}
Do you generate the signature according to the Yahoo specification here?
Or you can use plaintext signature as described here.