
Plaza API (bol.com) HMAC-SHA256 Authentication


Demonstrates how to compute the Authorization header for bol.com using HMAC-SHA256.

import chilkat2

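# Compute the bol.com Plaza API Authorization header value:
#     <publicKey>:<base64(HMAC-SHA256(privateKey, string_to_sign))>
#
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

crypt = chilkat2.Crypt2()

# MacStringENC returns the MAC encoded per EncodingMode, so the result is
# base64 text that can be placed directly in the header.
crypt.EncodingMode = "base64"
crypt.HashAlgorithm = "sha256"
crypt.MacAlgorithm = "hmac"

# Sample credentials that go with the expected MAC shown further down.
# NOTE(review): a real private key is a secret -- load it from the environment
# or a secret store at runtime instead of committing it to source, and rotate
# any key that has been published or checked in.
publicKey = "oRNWbHFXtAECmhnZmEndcjLIaSKbRMVE"
privateKey = "MaQHPOnmYkPZNgeRziPnQyyOJYytUbcFBVJBvbMKoDdpPqaZbaOiLUTWzPAkpPsZFZbJHrcoltdgpZolyNcgvvBaKcmkqFjucFzXhDONTsPAtHHyccQlLUZpkOuywMiOycDWcCySFsgpDiyGnCWCZJkNTtVdPxbSUTWVIFQiUxaPDYDXRQAVVTbSVZArAZkaLDLOoOvPzxSdhnkkJWzlQDkqsXNKfAIgAldrmyfROSyCGMCfvzdQdUQEaYZTPEoA"

# The string to sign is this:
# http_verb +'\n\n'+ content_type +'\n'+ x_bol_date +'\n'+ 'x-bol-date:'+ x_bol_date +'\n'+ uri

http_verb = "GET"
content_type = "application/xml"
# Fixed date so the output matches the expected MAC below. The signature covers
# this value, so it has to be identical to the x-bol-date header actually sent.
# NOTE(review): a live request presumably needs the current time here -- confirm
# against the API documentation.
x_bol_date = "Wed, 17 Feb 2016 00:00:00 GMT"
uri = "/services/rest/orders/v2"

# IMPORTANT: Notice the use of underscore and hyphen (dash) chars in x-bol-date vs. x_bol_date.
# The literal header name "x-bol-date:" uses hyphens; the Python variable
# x_bol_date (used twice) uses underscores.
string_to_sign = "\n".join(
    [
        http_verb,
        "",  # empty field: yields the "\n\n" after the verb
        content_type,
        x_bol_date,
        "x-bol-date:" + x_bol_date,
        uri,
    ]
)
print("[" + string_to_sign + "]")

# Set the HMAC key. SetMacKeyEncoded reports failure through its return value;
# stop here rather than computing a MAC with no key set.
if not crypt.SetMacKeyEncoded(privateKey, "ascii"):
    raise SystemExit(crypt.LastErrorText)

mac = crypt.MacStringENC(string_to_sign)
# Without this check a failed call (for example, Chilkat not unlocked) would
# silently produce a header with an empty signature.
if not crypt.LastMethodSuccess:
    raise SystemExit(crypt.LastErrorText)

# The answer should be: nqzLWvXI1eBhBXrRx5NF23V5hS8Q1xWCloJzPi/RAts=
print(mac)

# The last step is to append the public key with the signature
hdrValue = publicKey + ":" + mac

# Printed for demonstration only; Authorization header values should be kept
# out of application logs.
print(hdrValue)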