Hello All,
If anyone can help with this, it will be awesome.
I have to query an API, but this one has weird signing requirements where the body has to be signed with an authorization token, which can be made using the session ID / access key.
I am able to create the access key and session key, but I just can't get the code together to be able to sign it.
This is what I came up with, but it just doesn't work.
Any pointers will be very helpful.
# Ignore SSL certificate errors (not recommended for production)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
# Set the base URL of the web service
$baseUrl = "https://10.10.10.23:443/api/v1"
# Set the endpoint for the session
$sessionEndpoint = "/sessions"
# Combine base URL with the session endpoint
$sessionUrl = $baseUrl + $sessionEndpoint
# Set your username and password
$username = "ccc"
$password = "ccc"
# Build the request body
$body = @{
    username = $username
    password = $password
} | ConvertTo-Json
# Calculate MD5 hash of the request body
$md5 = [System.Security.Cryptography.MD5]::Create()
$md5Hash = [System.Convert]::ToBase64String($md5.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($body)))
# Set the Date header to the current date and time in the RFC1123 format
$dateHeader = (Get-Date).ToUniversalTime().ToString("R")
# Send the POST request to create a session
$sessionResponse = Invoke-RestMethod -Uri $sessionUrl -Method Post -Body $body -ContentType "application/json;charset=utf-8" -Headers @{
    Date = $dateHeader
    "Content-MD5" = $md5Hash
}
# Extract the access key and ID from the session response
$accessKey = $sessionResponse.accessKey
$id = $sessionResponse.id
# Output the access key and ID
Write-Host "Access Key: $accessKey"
Write-Host "ID: $id"
#Works fine till here
# Set the endpoint for the door
$doorEndpoint = "/doors/SLPORT15"
# Combine base URL with the door endpoint
$doorUrl = $baseUrl + $doorEndpoint
# Set access key and ID obtained from previous response
#$accessKey = "bcdd634f89db4a1e9c9672e2f49bd90c"
#$id = "bcdd634f89db4a1e9c9672e2f49bd90c" # Assuming the ID and access key are the same based on your example
# Set the Date header to the current date and time in the RFC1123 format
$dateHeader = (Get-Date).ToUniversalTime().ToString("R")
# Construct the string to sign
$stringToSign = "GET`n`n`nhost:$baseUrl`ndate:$dateHeader`n/$doorEndpoint"
# Sign the string using the access key
$signature = New-Object System.Security.Cryptography.HMACSHA256
$signature.Key = [Convert]::FromBase64String($accessKey)
$signatureBytes = $signature.ComputeHash([Text.Encoding]::UTF8.GetBytes($stringToSign))
$signatureBase64 = [Convert]::ToBase64String($signatureBytes)
# Construct the Authorization header
#$authorizationHeader = "AWS $accessKey:$signatureBase64"
#$authorizationHeader = "AWS $accessKey/$signatureBase64"
$authorizationHeader = "AWS $accessKey" + ":" + $signatureBase64
# Send the GET request with the Authorization header
$doorResponse = Invoke-RestMethod -Uri $doorUrl -Method Get -Headers @{
    Date = $dateHeader
    Authorization = $authorizationHeader
}
# Output the response
$doorResponse
I have gone through the documentation but I still can't figure out a way.
7.1.3 Sign a request without a body
Prerequisites: Use case 7.1.1.
This use case describes how to sign the following GET request.
GET /api/v1/cards?validTime=20130105T1200&cardHolder=jdoe HTTP/1.1
Date: Wed, 16 Jan 2013 15:23:02 +0000
The header has no Content-MD5 field and no Content-Type field, so the second and third lines of the string that should be signed will be empty. There is also no X-Aah-Date field, so the canonicalized headers part is omitted.
The parameters validTime and cardHolder are rearranged so they become lexicographically ordered, and the resulting string is:
GET\n
\n
\n
Wed, 16 Jan 2013 15:23:02 +0000\n
/api/v1/cards?cardHolder=jdoe&validTime=20130105T1200
This string, encoded as UTF-8, has a length of 91 characters. It is signed with the session access key AQIDBAUGBwg= (which was received in use case 7.1.1) using HMAC-SHA1.
The resulting signature in hexadecimal is 341b5e6ed197d4d4dbb2148e67909e2aeedab68e. Encoded as Base 64 it becomes NBtebtGX1NTbshSOZ5CeKu7ato4=. This value is placed together with the session ID to form the header Authorization AWS 342ba291:NBtebtGX1NTbshSOZ5CeKu7ato4=.
There is a TypeScript version that one of my mates made, but I can't translate it to PS.
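
The signing procedure from the quoted section 7.1.3, as an added PowerShell example that is not part of the original post or the vendor's code. It rebuilds the documented string to sign and compares the resulting header with the documented one. The function names are hypothetical, and two points are assumptions: the access key is Base64-decoded before use as the HMAC-SHA1 key, and "lexicographically ordered" means ordinal string order.

```powershell
# Added example: signing a body-less request as laid out in section 7.1.3.
function Get-StringToSign {
    param([string]$Method, [string]$Date, [string]$PathAndQuery,
          [string]$ContentMd5 = '', [string]$ContentType = '')
    # Sort query parameters; ordinal comparison is an assumption for "lexicographically ordered".
    $path, $query = $PathAndQuery -split '\?', 2
    $resource = $path
    if ($query) {
        [string[]]$pairs = $query -split '&'
        [Array]::Sort($pairs, [StringComparer]::Ordinal)
        $resource = $path + '?' + ($pairs -join '&')
    }
    # Method, Content-MD5, Content-Type, Date, resource: empty fields keep their line break.
    return ($Method, $ContentMd5, $ContentType, $Date, $resource) -join "`n"
}

function Get-AuthorizationHeader {
    param([string]$SessionId, [string]$AccessKey, [string]$StringToSign)
    $hmac = New-Object System.Security.Cryptography.HMACSHA1
    try {
        # Assumption: the access key is Base64 text and the decoded bytes are the HMAC key.
        $hmac.Key = [Convert]::FromBase64String($AccessKey)
        $mac = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($StringToSign))
    }
    finally { $hmac.Dispose() }
    # Concatenate: inside a double-quoted string "$SessionId:" is parsed as a scoped variable.
    return 'AWS ' + $SessionId + ':' + [Convert]::ToBase64String($mac)
}

# The values below are the documentation's own test vector from section 7.1.3.
$sts = Get-StringToSign -Method 'GET' -Date 'Wed, 16 Jan 2013 15:23:02 +0000' `
    -PathAndQuery '/api/v1/cards?validTime=20130105T1200&cardHolder=jdoe'
$actual   = Get-AuthorizationHeader -SessionId '342ba291' -AccessKey 'AQIDBAUGBwg=' -StringToSign $sts
$expected = 'AWS 342ba291:NBtebtGX1NTbshSOZ5CeKu7ato4='

'String-to-sign length: {0} (documentation says 91)' -f $sts.Length
'Computed header      : {0}' -f $actual
'Matches documentation: {0}' -f ($actual -ceq $expected)
```

Following the documented pattern, the resource line carries the full request path (for example `/api/v1/doors/SLPORT15`), the Date line must be the exact string sent in the `Date` header, and the header pairs the session ID, not the access key, with the signature.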