search

Scout24 / restapi-php-sdk

SDK für PHP-Entwickler um die Arbeit mit der API von ImmobilienScout24 zu vereinfachen. Über die API erhält man Ergebnislisten, Objektdaten, uvm. von ImmobilienScout und kann diese Daten inhherhalb seines Webservice integrieren. Die Dokumentation zum SDK findet man unter https://github.com/Immocaster/php-sdk/wiki.
64 stars 46 forks source link

ERROR_AUTH HMAC-SHA1 #57

Open Fruchtgummi opened 2 years ago

Fruchtgummi commented 2 years ago
ERROR_AUTHENTICATION_REQUIRED Invalid signature for signature method HMAC-SHA1 We can't use PHP, only Golang. We build the header with follow code. I hope you can derive it from golang-code. ``` signatureBase := strings.ToUpper(oa.Method) + "&" + url.QueryEscape(strings.Split(oa.Url+oa.Path, "?")[0]) + "&" + url.QueryEscape(parameterString) signingKey := url.QueryEscape(oa.Config.ConsumerSecret) + "&" + url.QueryEscape(oa.RequestToken.TokenSecret) signature := GetSignature(signatureBase, signingKey) ``` and the endcoding-function ``` func GetSignature(base, key string) string { hash := hmac.New(sha1.New, []byte(key)) hash.Write([]byte(base)) signature := hash.Sum(nil) return base64.StdEncoding.EncodeToString(signature) } ``` If I get the offers, example from "/restapi/api/financing/construction/v2/offer" than run this with the generated header from my function. Why do i have to treat leads differently than offers?
DenisHoppe commented 2 years ago

Hello Fruchtgummi, your signature is correctly. Check your Request Url with Parameters. You create the signature with Parameters but the request url is without the query parameter and than the signature is not vaild in your example.

https://datatracker.ietf.org/doc/html/rfc5849#section-3.5.3

Best regards and lot of fun!