Signature generation in a No-Code platform

billduapp / api_documentation

Documentation for Billdu.com REST API

0 stars 2 forks source link

Signature generation in a No-Code platform #5

Closed VojtechDrda closed 2 years ago

VojtechDrda commented 2 years ago

Hello, I was asked to develop an integration of Billdu using a No-Code platform (Make.com). I'm struggling with generating the signature. For a GET request, is the json part of the signature just an empty array represented by []? Thank you!

danco12 commented 2 years ago

Hello Vojtech,

if there aren't parameters in request then you can use json representation of empty array [] or empty object {}.

VojtechDrda commented 2 years ago

Thank you for the quick response.

I created a simple PHP scipt to give me a signature value for a GET request:

<?php $apiSecret = 'apiSecretGoesHere'; $data = []; $json = json_encode($data); echo urlencode(base64_encode(hash_hmac('sha512',$json,$apiSecret,$raw = TRUE))); ?>

But even using this signature, I still keep getting 400 error saying Signature mismatch.

The entire URL would look like this:

https://api.billdu.com/documents?apiKey=apiKey&timestamp=1656495094&signature=signatureGeneratedByTheScript

Would you or anyone else know what may be wrong?

Thank you!

danco12 commented 2 years ago

My bad, sorry. It shouldn't be completely empty. You should include timestamp and apiKey in $data array as it is in documentation

timestamp = unix_timestamp() //current unix timestamp in seconds
data = [] //empty for GET request, otherwise an array of required request data
toSign = data
toSign['timestamp'] = timestamp
toSign['apiKey'] = your api key
ksort(toSign) //sort the array by keys
json = JSON.encode(toSign)
signature = base64_encode(hash_hmac('sha512', json, apiSecret, raw = TRUE))
first create a raw hmac hash of the json then base64 encode it - this will give you the signaturedon't forget to url encode the signature
signature = urlencode(signature)

and then url should looks like this: https://api.billdu.com/documents?apiKey=apiKey&signature=signature&timestamp=timestamp

VojtechDrda commented 2 years ago

Got it working, thank you!

For anyone connecting to Billdu API through Make (formerly Integromat) platform, this is what worked for me (Get Documents endpoint):

https://api.billdu.com/documents?apiKey=yourApiKey&timestamp={{timestamp}}&signature={{encodeURL(sha512("{""apiKey"":""yourApiKey"",""timestamp"":" + timestamp + "}"; "base64"; "yourApiSecret"))}}

Just copy and paste the code into request field of an http module.