...
- Create a standardized string of the query string to be hashed.
- URL encode both the parameters and their values.
In case of an attachment, the value would be the URL encoded hexadecimal representation of the MD5 hash of the file bytes (all capital letters).
Code Block theme EclipseConfluence language java title Example MessageDigest messageDigest = MessageDigest.getInstance("MD5"); FileInputStream fis = new FileInputStream(filePath); byte[] bytes = new byte[4096]; int readPos = fis.read(bytes); while (readPos != -1) { md5.update(bytes, 0, readPos); readPos = fis.read(bytes); } String hashedValue = hexToString(messageDigest.digest()).toUpperCase();
Separate the encoded parameters and their values by the equals sign.
Sort the parameters and their values by natural byte ordering (as described in the below example).
Append the name value pairs with an ampersand.
- URL encode both the parameters and their values.
Create the string to be hashed:
Code Block theme FadeToGreyConfluence language java title Hashed String String to hash = HTTPVerb (Upper case) + "\n" + encoded Http URL + "\n" + standardized string
The HTTP URL will include the scheme, host, port (if present), and the path. It will not include any of the query strings.
Calculate the HMAC-SHA1 hash string using the secret authentication key.
Note |
---|
Spaces and asterisk should be encoded as %20 and %2A respectively. |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
POST http://sandbox.apstrata.com/apsdb/rest/[authentication_key]/CreateStore Host: host ......... apsdb.store=myStore&additionalParam1=value1&apsws.time=1234567890 |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
additionalParam1=value1 apsdb.store=myStore apsws.time=1234567890 |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
"POST\n http%3A%2F%2Fsandbox.apstrata.com%2Fsandbox%2Dapsdb%2Frest%2Fauthenticationkey%2FCreateStore\n additionalParam1=value1&apsdb.store=myStore&apsws.time=1234567890" |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
HMAC-SHA1("secret", "POST\n http%3A%2F%2Fsandbox.apstrata.com%2Fsandbox%2Dapsdb%2Frest%2FmyKey%2FCreateStore\nadditionalParam1=value1&apsdb.store=myStore&apsws.time=1234567890") |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
POST http://sandbox.apstrata.com/apsdb/rest/[authenticationkey]/CreateStore Host: host ......... apsdb.store=myStore&additionalParam1=value1&apsws.time=1234567890 $paramArr = array(); array_push(rawurlencode("apsws.time") . "=" . rawurlencode("1234567890")); array_push(rawurlencode("apsdb.store") . "=" . rawurlencode("myStore")); array_push(rawurlencode("additionalParam1") . "=" . rawurlencode("value1")); sort($paramArr); $stringToSign = ""; for($i = 0; $i <count($paramArr); $i++) { $stringToSign .= $paramArr[$i]; If($i <count($paramArr) - 1) { $stringToSign .= "&"; } } $stringToSign = "POST" . "\n" . rawurlencode (http://sandbox.apstrata.com/apsdb/rest/[authenticationkey]/CreateStore) . "\n" . $stringToSign; // assuming that the secret authentication key has the value "secret" $signature = hash_hmac("sha1", $stringToSign, "secret"); |