DataFlex
DataFlex
ebay: Add Digital Signature to HTTP Request
See more eBay Examples
Demonstrates how to add a digital signature to an ebay HTTP request.Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
String sStrPrivateKey
String sStrPublicKey
String sStrJwe
Handle hoSbBody
Variant vSbSigBase
Handle hoSbSigBase
Variant vSbSigInput
Handle hoSbSigInput
Handle hoDt
String sUnixTimeNow
Variant vBdPrivKey
Handle hoBdPrivKey
Variant vPrivKey
Handle hoPrivKey
Variant vBdToBeSigned
Handle hoBdToBeSigned
Handle hoEddsa
String sSigBase64
Handle hoHttp
Handle hoSbContentDigestHdr
Handle hoSbSigHdr
String sUrl
String sJsonStr
Variant vResp
Handle hoResp
String sTemp1
Integer iTemp1
Boolean bTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Ebay provides a Key Management API
// See https://developer.ebay.com/api-docs/developer/key-management/overview.html
// The following test keys can be used:
//
// Ed25519
//
// Private Key:
//
// -----BEGIN PRIVATE KEY-----
// MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF
// -----END PRIVATE KEY-----
Move "MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF" To sStrPrivateKey
//
// Public Key:
//
// -----BEGIN PUBLIC KEY-----
// MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=
// -----END PUBLIC KEY-----
Move "MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=" To sStrPublicKey
// This example assumes you got a JWE for your given private key from the Ebay Key Management REST API.
// This JWE is just for example:
Move "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw" To sStrJwe
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbBody
If (Not(IsComObjectCreated(hoSbBody))) Begin
Send CreateComObject of hoSbBody
End
Get ComAppend Of hoSbBody '{"hello": "world"}' To iSuccess
Showln "Body of request:"
Get ComGetAsString Of hoSbBody To sTemp1
Showln sTemp1
// -------------------------------------------------
// Build the signature base string...
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigBase
If (Not(IsComObjectCreated(hoSbSigBase))) Begin
Send CreateComObject of hoSbSigBase
End
Get ComAppend Of hoSbSigBase '"content-digest": sha-256=:' To iSuccess
Get ComGetHash Of hoSbBody "sha256" "base64" "utf-8" To sTemp1
Get ComAppend Of hoSbSigBase sTemp1 To iSuccess
Get ComAppend Of hoSbSigBase ":" + (character(10)) To iSuccess
Get ComAppend Of hoSbSigBase '"x-ebay-signature-key": ' To iSuccess
Get ComAppend Of hoSbSigBase sStrJwe To iSuccess
Get ComAppend Of hoSbSigBase (character(10)) To iSuccess
Get ComAppend Of hoSbSigBase '"@method": POST' + (character(10)) To iSuccess
// This is the path part of the URL without query params...
Get ComAppend Of hoSbSigBase '"@path": ' To iSuccess
Get ComAppend Of hoSbSigBase "/verifysignature" To iSuccess
Get ComAppend Of hoSbSigBase (character(10)) To iSuccess
// The is the domain, such as "api.ebay.com" w/ port if the port is something unusual.
// In this example, we're testing against a local docker test server (see the info at https://developer.ebay.com/develop/guides/digital-signatures-for-apis)
// Normally, I think it would just be "api.ebay.com" instead of "localhost:8080".
Get ComAppend Of hoSbSigBase '"@authority": ' To iSuccess
Get ComAppend Of hoSbSigBase "localhost:8080" To iSuccess
Get ComAppend Of hoSbSigBase (character(10)) To iSuccess
Get ComAppend Of hoSbSigBase '"@signature-params": ' To iSuccess
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigInput
If (Not(IsComObjectCreated(hoSbSigInput))) Begin
Send CreateComObject of hoSbSigInput
End
Get ComAppend Of hoSbSigInput '("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority")' To iSuccess
Get ComAppend Of hoSbSigInput ";created=" To iSuccess
Get Create (RefClass(cComCkDateTime)) To hoDt
If (Not(IsComObjectCreated(hoDt))) Begin
Send CreateComObject of hoDt
End
Get ComSetFromCurrentSystemTime Of hoDt To iSuccess
Get ComGetAsUnixTimeStr Of hoDt False To sUnixTimeNow
Get ComAppend Of hoSbSigInput sUnixTimeNow To iSuccess
Get pvComObject of hoSbSigInput to vSbSigInput
Get ComAppendSb Of hoSbSigBase vSbSigInput To iSuccess
// -------------------------------------------------
// Sign the signature base string using the Ed25519 private key
Get Create (RefClass(cComChilkatBinData)) To hoBdPrivKey
If (Not(IsComObjectCreated(hoBdPrivKey))) Begin
Send CreateComObject of hoBdPrivKey
End
Get ComAppendEncoded Of hoBdPrivKey sStrPrivateKey "base64" To iSuccess
Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
If (Not(IsComObjectCreated(hoPrivKey))) Begin
Send CreateComObject of hoPrivKey
End
Get pvComObject of hoBdPrivKey to vBdPrivKey
Get ComLoadAnyFormat Of hoPrivKey vBdPrivKey "" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoPrivKey To sTemp1
Showln sTemp1
Procedure_Return
End
Get Create (RefClass(cComChilkatBinData)) To hoBdToBeSigned
If (Not(IsComObjectCreated(hoBdToBeSigned))) Begin
Send CreateComObject of hoBdToBeSigned
End
Get pvComObject of hoSbSigBase to vSbSigBase
Get ComAppendSb Of hoBdToBeSigned vSbSigBase "utf-8" To iSuccess
Get Create (RefClass(cComChilkatEdDSA)) To hoEddsa
If (Not(IsComObjectCreated(hoEddsa))) Begin
Send CreateComObject of hoEddsa
End
Get pvComObject of hoBdToBeSigned to vBdToBeSigned
Get pvComObject of hoPrivKey to vPrivKey
Get ComSignBdENC Of hoEddsa vBdToBeSigned "base64" vPrivKey To sSigBase64
Get ComLastMethodSuccess Of hoEddsa To bTemp1
If (bTemp1 = False) Begin
Get ComLastErrorText Of hoEddsa To sTemp1
Showln sTemp1
Procedure_Return
End
Showln "sigBase64:"
Showln sSigBase64
// ----------------------------------------------------------
// Send the JSON POST
Get Create (RefClass(cComChilkatHttp)) To hoHttp
If (Not(IsComObjectCreated(hoHttp))) Begin
Send CreateComObject of hoHttp
End
Send ComSetRequestHeader To hoHttp "x-ebay-signature-key" sStrJwe
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbContentDigestHdr
If (Not(IsComObjectCreated(hoSbContentDigestHdr))) Begin
Send CreateComObject of hoSbContentDigestHdr
End
Get ComAppend Of hoSbContentDigestHdr "sha-256=:" To iSuccess
Get ComGetHash Of hoSbBody "sha256" "base64" "utf-8" To sTemp1
Get ComAppend Of hoSbContentDigestHdr sTemp1 To iSuccess
Get ComAppend Of hoSbContentDigestHdr ":" To iSuccess
Get ComGetAsString Of hoSbContentDigestHdr To sTemp1
Send ComSetRequestHeader To hoHttp "Content-Digest" sTemp1
Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigHdr
If (Not(IsComObjectCreated(hoSbSigHdr))) Begin
Send CreateComObject of hoSbSigHdr
End
Get ComAppend Of hoSbSigHdr "sig1=:" To iSuccess
Get ComAppend Of hoSbSigHdr sSigBase64 To iSuccess
Get ComAppend Of hoSbSigHdr ":" To iSuccess
Get ComGetAsString Of hoSbSigHdr To sTemp1
Send ComSetRequestHeader To hoHttp "Signature" sTemp1
Get ComPrepend Of hoSbSigInput "sig1=" To iSuccess
Get ComGetAsString Of hoSbSigInput To sTemp1
Send ComSetRequestHeader To hoHttp "Signature-Input" sTemp1
// Add this header to make eBay actually check the signature.
Send ComSetRequestHeader To hoHttp "x-ebay-enforce-signature" "true"
// Set the OAuth2 access token to add the "Authorization: Bearer <access_token>" to the header.
Set ComAuthToken Of hoHttp To "your_oauth2_access_token"
// The signature base string constructed above is valid if we send this POST to "http://localhost:8080/verifysignature"
// Normally, you'll send your POST to some api.ebay.com endpoint.
Move "http://localhost:8080/verifysignature" To sUrl
Get ComGetAsString Of hoSbBody To sJsonStr
Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
If (Not(IsComObjectCreated(hoResp))) Begin
Send CreateComObject of hoResp
End
Get pvComObject of hoResp to vResp
Get ComHttpStr Of hoHttp "POST" "http://localhost:8080/verifysignature" sJsonStr "utf-8" "application/json" vResp To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoHttp To sTemp1
Showln sTemp1
Procedure_Return
End
Get ComStatusCode Of hoResp To iTemp1
Showln "Response status code: " iTemp1
Showln "Response body:"
Get ComBodyStr Of hoResp To sTemp1
Showln sTemp1
End_Procedure