Authentication
Every private data or bot endpoint is secured with a private key
- Arrange the parameters in ascending alphabetical order
- Combine them with &. Don't URL encode them.
- Encode complete string to UTF8.
- Create a SHA256 signature from the encoded string and the Local API token.
- Remove - from the signature
- Make sure the signature is upper case.
- Add "&sig=signature" to the URL.
C#
Bash
FileMaker v17
Python
public string CreateSignature(Dictionary<string, string> parameters, string privateKey)
{
var parametersString = string.Empty;
foreach (var parameter in parameters.OrderBy(c => c.Key))
parametersString += $"&{parameter.Key}={parameter.Value}";
parametersString = parametersString.TrimStart('&');
var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(privateKey));
var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(parametersString));
var sig = BitConverter.ToString(hash).Replace("-", "");
return sig;
}
echo -n $parameters | iconv -f ascii -t utf8 | openssl sha256 -hmac "$key" | awk '{ print toupper($2) }'
HexEncode (CryptAuthCode ( "abc + UTF-8 ordered parameters in other words string"; "SHA256"; "local api key" ))
import hmac
import hashlib
import collections
from typing import Dict
@staticmethod
def generate_signature(parameters: Dict[str, str], privatekey: str):
parameter_string = ""
parameters = collections.OrderedDict(sorted(parameters.items()))
for key, value in parameters.items():
parameter_string += "&" + str(key) + "=" + str(value)
parameter_string = parameter_string.replace("&", "", 1)
key = bytes(privatekey, 'UTF-8')
message = bytes(parameter_string, 'UTF-8')
digester = hmac.new(key, message, hashlib.sha256)
signature = digester.digest()
signature = signature.hex().replace("-", "").upper()
r
Last modified 4yr ago