Questions & Answers
Q: Which headers should I fill?
A:
Content-type: application/json
Accept: application/json
Accept-encoding: gzip, deflate
Authorization: HMAC webApiId:webApiKey:unix_timestamp_in_ms:Base64HMACSignature
Q: How to perform HMAC authentication?
A:
Signature = unix_timestamp_in_ms + webApiId + webApiKey + req.getMethod() + req.getURI() + content;
Base64HMACSignature = Base64(HmacSHA256(Signature, webApiSecret));
Header = "Authorization: HMAC:webApiId:webApiKey:unix_timestamp_in_ms:Base64HMACSignature"
Example: Signature = "1509018187496b3a113e4-77d2-4118-941d-3168803612abRCsr8eCZsyR59emhGEThttps://localhost:8443/api/v1/account";
There is a sample JavaScript code:
long timestamp = new Date(System.currentTimeMillis()).getTime();
String signature = timestamp + _webApiId + _webApiKey + req.getMethod() + req.getURI() + _content;
byte[] messageBytes = signature.getBytes(StandardCharsets.US_ASCII);
byte[] hmacKeyByte = _webApiSecret.getBytes(StandardCharsets.US_ASCII);
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(hmacKeyByte, "HmacSHA256");
sha256_HMAC.init(secret_key);
byte[] mac_data = sha256_HMAC.doFinal(messageBytes);
byte[] valueDecoded = Base64.encodeBase64(mac_data);
String base64HMACStr = new String(valueDecoded);
req.setHeader(HttpHeaders.AUTHORIZATION, String.format("%1$s %2$s:%3$s:%4$s:%5$s", "HMAC ", _webApiId, _webApiKey, timestamp, base64HMACStr));
Q: How to download content using Curl, Wget, PowerShell?
A: All responses of the Web API is compressed using gzip stream.
You have to add "Accept: application/json" and "Accept-encoding: gzip, deflate"
headers to your request and use gunzip tool to decompress the stream.
Unix curl:
curl -v -H "Content-type: application/json" -H "Accept: application/json" -H "Accept-encoding: gzip, deflate" apimethod | gunzip -
Unix wget:
wget -S -q --header "Content-type: application/json" --header "Accept: application/json" --header "Accept-encoding: gzip, deflate" -O - apimethod | gunzip -
Windows PowerShell:
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-type","application/json")
$headers.Add("Accept","application/json")
$headers.Add("Accept-Encoding","gzip")
Invoke-RestMethod -Method Get 'apimethod' -Headers $headers