youngj / EnvayaSMS

Simple SMS and MMS gateway running on Android
http://sms.envaya.org

inconsistent X-Request-Signature at the API page #17

Closed magixbox closed 12 years ago

magixbox commented 12 years ago

On the following page: http://sms.envaya.org/serverapi/

About the X-Request-Signature generation:

"X-Request-Signature" ::= A signature of the request to verify the phone and the server share the same password. (This doesn't protect against MITM snooping or replay attacks, so it is recommended to use the https:// protocol.)

The signature is calculated by the following algorithm: Sort all POST parameters, not including file uploads, by the name of the field (in the usual ASCII order). Generate an input string by concatenating: the server URL, each of the sorted POST parameters with their corresponding values, and the password, with a comma in between each element, like so: ",,,<...>,,," Generate the SHA-1 hash of the input string in UTF-8

Encode the SHA-1 hash using Base64 with no line breaks.

According to the JavaScript in the EnvayaSMS request simulator: https://raw.github.com/youngj/EnvayaSMS/master/server/php/example/www/test.html

The name/value pair is actually done in the following format instead, which contradicts the document:

name=value (using = instead of ,). So the whole line should be written as: ",name=value,<...>,name=value,"

We have managed to code the server to authenticate with the simulator-generated signature, but unfortunately not with the actual EnvayaSMS client running on the phone. Not even if we changed the server to construct the signature based on name,value pairs also.
magixbox commented 12 years ago

Managed to get the authentication going finally. I'll update the Simulator page shortly.

magixbox commented 12 years ago

Mistake, there is nothing wrong with the simulator; it was the API page that needed a fix, which I cannot "branch" out and make changes to: http://sms.envaya.org/serverapi/

Guess I've been debugging far too long today. Need a break now.

youngj commented 12 years ago

Sorry about that! Documentation bug fixed in 7ce12974bbb6b6fdb4b772494f997b015f3c7739