Note |
---|
From version 4.0 the recommended authentication method is JWT and not the URL signing described below |
Example of how to sign a request in Java
This example refrences org.apache.commons.lang3 which needs to be included. (Can be downloaded at http://commons.apache.org/lang/)
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
import java.util.*;
import java.text.*;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
class MeridixSignature
{
public static void main(String[] args) throws UnsupportedEncodingException, NoSuchAlgorithmException {
String token = "gf94bfdds9bd4b8885466baa8dsc28";
System.out.printf("Token:\n%s\n", token);
String secret = "56fhu73df434a8";
System.out.printf("Secret:\n%s\n", secret);
String request = "http://site.meridix.se/api/customer/listcustomers";
System.out.printf("Request:\n%s\n", request);
String nonce = UUID.randomUUID().toString().substring(0, 8);
System.out.printf("Nonce:\n%s\n", nonce);
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyyMMddHHmmss");
dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
String timestamp = dateFormat.format(new Date());
System.out.printf("Timestamp:\n%s\n", timestamp);
List<String> parameters = new ArrayList<String>();
parameters.add("auth_nonce=" + nonce);
parameters.add("auth_timestamp=" + timestamp);
parameters.add("auth_token=" + token);
Collections.sort(parameters);
String parametersConcated = org.apache.commons.lang3.StringUtils.join(parameters, "&");
System.out.printf("ParametersConcated:\n%s\n", parametersConcated);
String parametersConcatedEncoded = URLEncoder.encode(parametersConcated, "UTF-8");
System.out.printf("ParametersConcatedEncoded:\n%s\n", parametersConcatedEncoded);
String requestEncoded = URLEncoder.encode(request, "UTF-8");
System.out.printf("RequestEncoded:\n%s\n", requestEncoded);
// IMPORTANT - The GET&-prefix must be change to POST& etc. when using different HTTP Verbs than GET.
String verbRequestQuery = "GET&" + requestEncoded + "&" + parametersConcatedEncoded + "&" + secret;
System.out.printf("VerbRequestQuery:\n%s\n", verbRequestQuery);
String signature = generateMD5Hash(verbRequestQuery);
System.out.printf("Signature:\n%s\n", signature);
String signedRequest = request + "?" + parametersConcated + "&auth_signature=" + signature;
System.out.printf("SignedRequest:\n%s\n", signedRequest);
}
public static String pad(String s, int length, char pad) {
StringBuffer buffer = new StringBuffer(s);
while (buffer.length() < length) {
buffer.insert(0, pad);
}
return buffer.toString();
}
public static String generateMD5Hash(String input) throws NoSuchAlgorithmException, UnsupportedEncodingException {
MessageDigest digester = MessageDigest.getInstance("MD5");
digester.update(input.getBytes("UTF-8"));
return pad((new BigInteger(1,digester.digest())).toString(16),32,'0');
}
} |
...