Closed magixbox closed 12 years ago
Managed to get the authentication going finally. I'll update the Simulator page shortly.
Mistake, there is nothing wrong with the simulator, it was the API page need a fix, which I cannot "brunch" it out and make changes: http://sms.envaya.org/serverapi/
Guess I've been debugging far too long today. Need a break now.
Sorry about that! Documentation bug fixed in 7ce12974bbb6b6fdb4b772494f997b015f3c7739
On the following page: http://sms.envaya.org/serverapi/
About the X-Request-Signature generation:
"X-Request-Signature" ::=
A signature of the request to verify the phone and the server share the same password. (This doesn't protect against MITM snooping or replay attacks, so it is recommended to use the https:// protocol.)
The signature is calculated by the following algorithm: Sort all POST parameters, not including file uploads, by the name of the field (in the usual ASCII order). Generate an input string by concatenating: the server URL, each of the sorted POST parameters with their corresponding values, and the password, with a comma in between each element, like so: ",,,<...>,,,"
Generate the SHA-1 hash of the input string in UTF-8
Encode the SHA-1 hash using Base64 with no line breaks.
According to the Javascript in EnvayaSMS request simulator: https://raw.github.com/youngj/EnvayaSMS/master/server/php/example/www/test.html
The name/value pair is actually done in the following format instead, which is contradicting with the document: