Signing a Request

By default, apstrata database will use a secure signature which depends on the data sent. It involves most of the data in the request, and it is calculated using the secret authentication key.

To Create a signature:

  1. Create a standardized string of the query string to be hashed.
    1. URL encode both the parameters and their values.
      1. In case of an attachment, the value would be the URL encoded hexadecimal representation of the MD5 hash of the file bytes (all capital letters).

        MessageDigest messageDigest = MessageDigest.getInstance("MD5"); 
        FileInputStream fis = new FileInputStream(filePath); 
        byte[] bytes = new byte[4096]; 
        int readPos = fis.read(bytes); 
        while (readPos != -1) { 
              md5.update(bytes, 0, readPos); 
              readPos = fis.read(bytes); 
        } 
        String hashedValue = hexToString(messageDigest.digest()).toUpperCase();
    2. Separate the encoded parameters and their values by the equals sign.

    3. Sort the parameters and their values by natural byte ordering (as described in the below example).

    4. Append the name value pairs with an ampersand.

  2. Create the string to be hashed:

    String to hash = HTTPVerb (Upper case) + "\n" + encoded Http URL + "\n" + standardized string

    The HTTP URL will include the scheme, host, port (if present), and the path. It will not include any of the query strings.

  3. Calculate the HMAC-SHA1 hash string using the secret authentication key.

Spaces and asterisk should be encoded as %20 and %2A respectively.

POST http://sandbox.apstrata.com/apsdb/rest/[authentication_key]/CreateStore
Host: host
.........
apsdb.store=myStore&additionalParam1=value1&apsws.time=1234567890


additionalParam1=value1
apsdb.store=myStore
apsws.time=1234567890


"POST\n
http%3A%2F%2Fsandbox.apstrata.com%2Fsandbox%2Dapsdb%2Frest%2Fauthenticationkey%2FCreateStore\n
additionalParam1=value1&apsdb.store=myStore&apsws.time=1234567890"


HMAC-SHA1("secret", "POST\n 
http%3A%2F%2Fsandbox.apstrata.com%2Fsandbox%2Dapsdb%2Frest%2FmyKey%2FCreateStore\nadditionalParam1=value1&apsdb.store=myStore&apsws.time=1234567890")


POST http://sandbox.apstrata.com/apsdb/rest/[authenticationkey]/CreateStore
Host: host
.........
apsdb.store=myStore&additionalParam1=value1&apsws.time=1234567890


$paramArr = array();
array_push(rawurlencode("apsws.time") . "=" . rawurlencode("1234567890"));
array_push(rawurlencode("apsdb.store") . "=" . rawurlencode("myStore"));
array_push(rawurlencode("additionalParam1") . "=" . rawurlencode("value1"));


sort($paramArr);


$stringToSign = "";
for($i = 0; $i <count($paramArr); $i++)
{
            $stringToSign .= $paramArr[$i];
            If($i <count($paramArr) - 1)
            {
                        $stringToSign .= "&";
            }
}
$stringToSign = "POST" . "\n" . rawurlencode (http://sandbox.apstrata.com/apsdb/rest/[authenticationkey]/CreateStore)  
. "\n" . $stringToSign;
// assuming that the secret authentication key has the value "secret"
$signature = hash_hmac("sha1",  $stringToSign, "secret");