Example in C#

Owned by Johan Wendelstam
Last updated: Mar 30, 2022
3 min read
From version 4.0 the recommended authentication method is JWT and not the URL signing described below

Two example of how to sign a request in C#

This first one is the simplest possible solution and the second one describes how to create a helper method that can assist you when signing requests.


c# simple
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Text;

namespace SignatureDemo
{
    class Program
    {
        static void Main(string[] args)
        {
            string token = "gfd4535das23124das132d2dsa";
            Console.WriteLine("Token:\r\n{0}\r\n", token);

            string secret = "54g6das4435f43";
            Console.WriteLine("Secret:\r\n{0}\r\n", secret);

            string request = "http://site.meridix.se/api/customer/listcustomers";
            Console.WriteLine("Request:\r\n{0}\r\n", request);

            string nonce = Guid.NewGuid().ToString().Substring(0, 8);
            Console.WriteLine("Nonce:\r\n{0}\r\n", nonce);

            string timestamp = DateTime.UtcNow.ToString("yyyyMMddHHmmss");
            Console.WriteLine("timestamp:\r\n{0}\r\n", timestamp);

            List<string> parameters = new List<string>();
            parameters.Add("auth_nonce=" + nonce);
            parameters.Add("auth_timestamp=" + timestamp);
            parameters.Add("auth_token=" + token);
            parameters.Sort();

            string parametersConcated = string.Join("&", parameters);
            Console.WriteLine("ParametersConcated:\r\n{0}\r\n", parametersConcated);

            string parametersConcatedEncoded = Uri.EscapeDataString(parametersConcated);
            Console.WriteLine("ParametersConcatedEncoded:\r\n{0}\r\n", parametersConcatedEncoded);

            string requestEncoded = Uri.EscapeDataString(request);
            Console.WriteLine("RequestEncoded:\r\n{0}\r\n", requestEncoded);
            
			// IMPORTANT - The GET&-prefix must be change to POST& etc. when using different HTTP Verbs than GET.
            string verbRequestQuery = "GET&" + requestEncoded + "&" + parametersConcatedEncoded + "&" + secret;
            Console.WriteLine("VerbRequestQuery:\r\n{0}\r\n", verbRequestQuery);

            var signature = CreateSignature(verbRequestQuery);
            Console.WriteLine("Signature:\r\n{0}\r\n", signature);

            var signedRequest = request + "?" + parametersConcated + "&auth_signature=" + signature;
            Console.WriteLine("SignedRequest:\r\n{0}\r\n", signedRequest);
        }

        static string CreateSignature(string verbRequestQuery)
        {
            byte[] bytes = Encoding.UTF8.GetBytes(verbRequestQuery);
            MD5 md5 = new MD5CryptoServiceProvider();
            byte[] signatureBytes = md5.ComputeHash(bytes);
            StringBuilder stringBuilder = new StringBuilder();
            for (int i = 0; i < signatureBytes.Length; i++)
                stringBuilder.Append(signatureBytes[i].ToString("x2"));
            return stringBuilder.ToString();
        }
    }
}


Webpage: www.meridix.se
Email: support@meridix.se
Tel: +46 (0) 21 38 30 32