Create OAuth Signature with HMAC-SHA1 Encryption Returns HTTP 401

Question
Hello, I need to authenticate against an API that requires OAuth encryption.
I'm in the right direction, but I'm sure something is wrong with my signature base string. Since the HMACSHA1 hash is based on the key and the base string, I get the wrong oauth_signature.
OAuth Signing Process

Until now, I was able to collect all the necessary pieces of data, which include:

  • Consumer key
  • Consumer secret
  • Access token
  • Access secret
  • SHA1-hashed value (based on key and message, where the message is the signature base string)
  • Signature base string

Problem
I get an HTTP (401 Bad Request) returned due to an invalid signature.
Note: I am sure that this is how I build the signature string. For information on the API documents that I used, check the bottom of the page.

Code

GetOAuthToken (Executing the actual request)

public static string GetAuthorizationToken()
{
    string TimeInSecondsSince1970 = ((int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();
    string Nonce = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(TimeInSecondsSince1970 + TimeInSecondsSince1970 + TimeInSecondsSince1970));

    HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(GetAppleApiUrl.GetUrl(AppleApiUrl.SESSION_TOKEN));
    httpWebRequest.Method = "GET";

    string consumer_secret = Uri.EscapeDataString(Settings.SettingsManager.consumer_secret);
    string token_secret = Uri.EscapeDataString(Settings.SettingsManager.access_secret);
    string signature_base_string = GetSignatureBaseString(TimeInSecondsSince1970, Nonce);
    string SHA1HASH = GetSha1Hash(consumer_secret + "&" + token_secret, signature_base_string);

    string Header =
        "OAuth realm=" + '"' + "ADM" + '"' + "," +
        "oauth_consumer_key=" + '"' + Settings.SettingsManager.consumer_key + '"' + "," +
        "oauth_token=" + '"' + Settings.SettingsManager.access_token + '"' + "," +
        "oauth_signature_method=" + '"' + "HMAC-SHA1" + '"' + "," +
        "oauth_signature= " + '"' + SHA1HASH + '"' + "," +
        "oauth_timestamp=" + '"' + TimeInSecondsSince1970 + '"' + "," +
        "oauth_nonce=" + '"' + Nonce + '"' + "," +
        "oauth_version=" + '"' + "1.0" + '"' + ",";

    httpWebRequest.Headers.Add(HttpRequestHeader.Authorization, Header);

    var Result = httpWebRequest.GetResponse();
    return Result.ToString();
}

GetSha1Hash

public static string GetSha1Hash(string key, string message)
{
    var encoding = new System.Text.ASCIIEncoding();
    byte[] keyBytes = encoding.GetBytes(key);
    byte[] messageBytes = encoding.GetBytes(message);

    string Sha1Result = string.Empty;
    using (HMACSHA1 SHA1 = new HMACSHA1(keyBytes))
    {
        var Hashed = SHA1.ComputeHash(messageBytes);
        Sha1Result = Convert.ToBase64String(Hashed);
    }
    return Sha1Result;
}

GetSignatureBaseString

public static string GetSignatureBaseString(string TimeStamp, string Nonce)
{
    //1.Convert the HTTP Method to uppercase and set the output string equal to this value.
    string Signature_Base_String = "Get";
    Signature_Base_String = Signature_Base_String.ToUpper();

    //2.Append the '&' character to the output string.
    Signature_Base_String = Signature_Base_String + "&";

    //3.Percent encode the URL and append it to the output string.
    string PercentEncodedURL = Uri.EscapeDataString(GetAppleApiUrl.GetUrl(AppleApiUrl.SESSION_TOKEN));
    Signature_Base_String = Signature_Base_String + PercentEncodedURL;

    //4.Append the '&' character to the output string.
    Signature_Base_String = Signature_Base_String + "&";

    //5.append parameter string to the output string.
    Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("oauth_consumer_key=" + Settings.SettingsManager.consumer_key);
    Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_token=" + Settings.SettingsManager.access_token);
    Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_signature_method=" + "HMAC-SHA1");
    Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_timestamp=" + TimeStamp);
    Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_nonce=" + Nonce);
    Signature_Base_String = Signature_Base_String + Uri.EscapeDataString("&oauth_version=" + "1.0");

    return Signature_Base_String;
}

Result (Fiddler): [image: Fiddler result]

API Doc: [image]

+5
1 answer

It looks like you should sort the parameters alphabetically in the Header line and as part of the GetSignatureBaseString method, as described in this comment and the Twitter OAuth documentation.

+3
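
The parameter sorting the answer describes, shown as an added C# example that is not the asker's code and not taken from the API's documentation. It follows the RFC 5849 (OAuth 1.0) HMAC-SHA1 rules: encode each name and value, sort, join, then encode the joined string once more. The class and method names are hypothetical, and the URL, keys and secrets are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class OAuth1Signer // hypothetical name, added example
{
    // RFC 3986 percent-encoding (Uri.EscapeDataString on .NET Framework 4.5+ / .NET Core).
    static string Enc(string s) => Uri.EscapeDataString(s ?? string.Empty);
    // Encode each name and value, then sort by encoded name (ties by value), ordinal order.
    public static string NormalizeParameters(IEnumerable<KeyValuePair<string, string>> ps) =>
        string.Join("&", ps
            .Select(p => new KeyValuePair<string, string>(Enc(p.Key), Enc(p.Value)))
            .OrderBy(p => p.Key, StringComparer.Ordinal).ThenBy(p => p.Value, StringComparer.Ordinal)
            .Select(p => p.Key + "=" + p.Value));
    // METHOD & enc(url) & enc(sorted parameters). Assumes baseUrl has no query string.
    public static string BaseString(string method, string baseUrl,
        IEnumerable<KeyValuePair<string, string>> ps) =>
        method.ToUpperInvariant() + "&" + Enc(baseUrl) + "&" + Enc(NormalizeParameters(ps));
    public static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        // Key: enc(consumer secret) & enc(token secret); the '&' is kept even if one is empty.
        byte[] key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    public static void Main()
    {
        // Constructed placeholder values, not real credentials or a real endpoint.
        var ps = new Dictionary<string, string>
        {
            ["oauth_version"] = "1.0",
            ["oauth_nonce"] = Guid.NewGuid().ToString("N"),
            ["oauth_timestamp"] = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(),
            ["oauth_signature_method"] = "HMAC-SHA1",
            ["oauth_token"] = "sample-access-token",
            ["oauth_consumer_key"] = "sample-consumer-key",
        };
        string baseString = BaseString("get", "https://api.example.com/session", ps);
        // realm is not signed; the base64 signature is percent-encoded inside the header.
        ps["oauth_signature"] = Sign(baseString, "sample-consumer-secret", "sample-token-secret");
        string header = "OAuth realm=\"ADM\"," + string.Join(",", ps
            .OrderBy(p => p.Key, StringComparer.Ordinal)
            .Select(p => Enc(p.Key) + "=\"" + Enc(p.Value) + "\""));
        Console.WriteLine(baseString + Environment.NewLine + header);
    }
}
```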