...
Once you have created the input string as shown above, it should be hashed using HMAC-SHA256 using your API Secret. Below are some examples of how to compute X-Signature. Some examples for additional languages may be found at http://www.jokecamp.com/blog/examples-of-creating-base64-hashes-using-hmac-sha256-in-different-languages/:
Postman
If you are testing via Postman you can use a pre-request script to generate the X-Signature.
| Code Block | ||
|---|---|---|
| ||
const URL = require('url');
URL.parse(pm.variables.replaceIn(pm.request.url).toString());
var reqParams = pm.request.url.query.all();
pm.request.removeQueryParams(reqParams);
pm.request.addQueryParams(reqParams.sort())
const reqUrl = URL.parse(pm.request.url.toString());
var stringToSign = pm.request.method + ' ' + reqUrl.hostname + reqUrl.path;
if (pm.request.body.raw != undefined) {
stringToSign = stringToSign + '?' + pm.request.body;
} else if (reqUrl.query = null) {
stringToSign = stringToSign + '?';
}
var xSignature = CryptoJS.enc.Base64.stringify(CryptoJS.HmacSHA256(stringToSign, pm.variables.replaceIn('{{apiSecret}}')));
// console.log('reqParams: ' + reqParams);
// console.log('reqUrl: ' + reqUrl.toString());
// console.log('stringToSign: ' + stringToSign);
// console.log('xSignature: ' + xSignature);
pm.request.headers.add({key: 'X-Signature', value: xSignature });
pm.request.headers.add({key: 'X-Token', value: '{{apiToken}}' });
pm.request.headers.add({key: 'Accept', value: 'application/json' }); |
Ruby
| Code Block | ||
|---|---|---|
| ||
require 'base64'
require 'openssl'
secret = "xyz"
request = "GET api.ticketevolution.com/v9/brokerages?page=1&per_page=1"
digest = OpenSSL::Digest::Digest.new('sha256')
signature = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, request)).chomp
puts signature # => "ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=" |
...