(DataFlex) ebay: Add Digital Signature to HTTP Request

See more eBay Examples

Demonstrates how to add a digital signature to an ebay HTTP request.

For more information, see https://developer.ebay.com/develop/guides/digital-signatures-for-apis

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    String sStrPrivateKey
    String sStrPublicKey
    String sStrJwe
    Handle hoSbBody
    Variant vSbSigBase
    Handle hoSbSigBase
    Variant vSbSigInput
    Handle hoSbSigInput
    Handle hoDt
    String sUnixTimeNow
    Variant vBdPrivKey
    Handle hoBdPrivKey
    Variant vPrivKey
    Handle hoPrivKey
    Variant vBdToBeSigned
    Handle hoBdToBeSigned
    Handle hoEddsa
    String sSigBase64
    Handle hoHttp
    Handle hoSbContentDigestHdr
    Handle hoSbSigHdr
    String sUrl
    Variant vResp
    Handle hoResp
    String sTemp1
    Integer iTemp1
    Boolean bTemp1

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Note: Ebay provides a Key Management API
    // See https://developer.ebay.com/api-docs/developer/key-management/overview.html

    // The following test keys can be used: 
    // 
    // Ed25519 
    // 
    // Private Key:
    // 
    // -----BEGIN PRIVATE KEY-----
    // MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF
    // -----END PRIVATE KEY-----

    Move "MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF" To sStrPrivateKey

    // 
    // Public Key:
    // 
    // -----BEGIN PUBLIC KEY-----
    // MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=
    // -----END PUBLIC KEY-----

    Move "MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=" To sStrPublicKey

    // This example assumes you got a JWE for your given private key from the Ebay Key Management REST API.
    // This JWE is just for example:
    Move "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw" To sStrJwe

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbBody
    If (Not(IsComObjectCreated(hoSbBody))) Begin
        Send CreateComObject of hoSbBody
    End
    Get ComAppend Of hoSbBody '{"hello": "world"}' To iSuccess

    Showln "Body of request:"
    Get ComGetAsString Of hoSbBody To sTemp1
    Showln sTemp1

    // -------------------------------------------------
    // Build the signature base string...

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigBase
    If (Not(IsComObjectCreated(hoSbSigBase))) Begin
        Send CreateComObject of hoSbSigBase
    End

    Get ComAppend Of hoSbSigBase '"content-digest": sha-256=:' To iSuccess
    Get ComGetHash Of hoSbBody "sha256" "base64" "utf-8" To sTemp1
    Get ComAppend Of hoSbSigBase sTemp1 To iSuccess
    Get ComAppend Of hoSbSigBase ":" + (character(10)) To iSuccess

    Get ComAppend Of hoSbSigBase '"x-ebay-signature-key": ' To iSuccess
    Get ComAppend Of hoSbSigBase sStrJwe To iSuccess
    Get ComAppend Of hoSbSigBase (character(10)) To iSuccess

    Get ComAppend Of hoSbSigBase '"@method": POST' + (character(10)) To iSuccess

    // This is the path part of the URL without query params...
    Get ComAppend Of hoSbSigBase '"@path": ' To iSuccess
    Get ComAppend Of hoSbSigBase "/verifysignature" To iSuccess
    Get ComAppend Of hoSbSigBase (character(10)) To iSuccess

    // The is the domain, such as "api.ebay.com" w/ port if the port is something unusual.
    // In this example, we're testing against a local docker test server (see the info at https://developer.ebay.com/develop/guides/digital-signatures-for-apis)
    // Normally, I think it would just be "api.ebay.com" instead of "localhost:8080".
    Get ComAppend Of hoSbSigBase '"@authority": ' To iSuccess
    Get ComAppend Of hoSbSigBase "localhost:8080" To iSuccess
    Get ComAppend Of hoSbSigBase (character(10)) To iSuccess

    Get ComAppend Of hoSbSigBase '"@signature-params": ' To iSuccess

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigInput
    If (Not(IsComObjectCreated(hoSbSigInput))) Begin
        Send CreateComObject of hoSbSigInput
    End
    Get ComAppend Of hoSbSigInput '("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority")' To iSuccess
    Get ComAppend Of hoSbSigInput ";created=" To iSuccess

    Get Create (RefClass(cComCkDateTime)) To hoDt
    If (Not(IsComObjectCreated(hoDt))) Begin
        Send CreateComObject of hoDt
    End
    Get ComSetFromCurrentSystemTime Of hoDt To iSuccess
    Get ComGetAsUnixTimeStr Of hoDt False To sUnixTimeNow
    Get ComAppend Of hoSbSigInput sUnixTimeNow To iSuccess

    Get pvComObject of hoSbSigInput to vSbSigInput
    Get ComAppendSb Of hoSbSigBase vSbSigInput To iSuccess

    // -------------------------------------------------
    // Sign the signature base string using the Ed25519 private key

    Get Create (RefClass(cComChilkatBinData)) To hoBdPrivKey
    If (Not(IsComObjectCreated(hoBdPrivKey))) Begin
        Send CreateComObject of hoBdPrivKey
    End
    Get ComAppendEncoded Of hoBdPrivKey sStrPrivateKey "base64" To iSuccess

    Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
    If (Not(IsComObjectCreated(hoPrivKey))) Begin
        Send CreateComObject of hoPrivKey
    End
    Get pvComObject of hoBdPrivKey to vBdPrivKey
    Get ComLoadAnyFormat Of hoPrivKey vBdPrivKey "" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoPrivKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatBinData)) To hoBdToBeSigned
    If (Not(IsComObjectCreated(hoBdToBeSigned))) Begin
        Send CreateComObject of hoBdToBeSigned
    End
    Get pvComObject of hoSbSigBase to vSbSigBase
    Get ComAppendSb Of hoBdToBeSigned vSbSigBase "utf-8" To iSuccess

    Get Create (RefClass(cComChilkatEdDSA)) To hoEddsa
    If (Not(IsComObjectCreated(hoEddsa))) Begin
        Send CreateComObject of hoEddsa
    End
    Get pvComObject of hoBdToBeSigned to vBdToBeSigned
    Get pvComObject of hoPrivKey to vPrivKey
    Get ComSignBdENC Of hoEddsa vBdToBeSigned "base64" vPrivKey To sSigBase64
    Get ComLastMethodSuccess Of hoEddsa To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoEddsa To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "sigBase64:"
    Showln sSigBase64

    // ----------------------------------------------------------
    // Send the JSON POST

    Get Create (RefClass(cComChilkatHttp)) To hoHttp
    If (Not(IsComObjectCreated(hoHttp))) Begin
        Send CreateComObject of hoHttp
    End

    Send ComSetRequestHeader To hoHttp "x-ebay-signature-key" sStrJwe

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbContentDigestHdr
    If (Not(IsComObjectCreated(hoSbContentDigestHdr))) Begin
        Send CreateComObject of hoSbContentDigestHdr
    End
    Get ComAppend Of hoSbContentDigestHdr "sha-256=:" To iSuccess
    Get ComGetHash Of hoSbBody "sha256" "base64" "utf-8" To sTemp1
    Get ComAppend Of hoSbContentDigestHdr sTemp1 To iSuccess
    Get ComAppend Of hoSbContentDigestHdr ":" To iSuccess
    Get ComGetAsString Of hoSbContentDigestHdr To sTemp1
    Send ComSetRequestHeader To hoHttp "Content-Digest" sTemp1

    Get Create (RefClass(cComChilkatStringBuilder)) To hoSbSigHdr
    If (Not(IsComObjectCreated(hoSbSigHdr))) Begin
        Send CreateComObject of hoSbSigHdr
    End
    Get ComAppend Of hoSbSigHdr "sig1=:" To iSuccess
    Get ComAppend Of hoSbSigHdr sSigBase64 To iSuccess
    Get ComAppend Of hoSbSigHdr ":" To iSuccess
    Get ComGetAsString Of hoSbSigHdr To sTemp1
    Send ComSetRequestHeader To hoHttp "Signature" sTemp1

    Get ComPrepend Of hoSbSigInput "sig1=" To iSuccess
    Get ComGetAsString Of hoSbSigInput To sTemp1
    Send ComSetRequestHeader To hoHttp "Signature-Input" sTemp1

    // Add this header to make eBay actually check the signature.
    Send ComSetRequestHeader To hoHttp "x-ebay-enforce-signature" "true"

    // Set the OAuth2 access token to add the "Authorization: Bearer <access_token>" to the header.
    Set ComAuthToken Of hoHttp To "your_oauth2_access_token"

    // The signature base string constructed above is valid if we send this POST to "http://localhost:8080/verifysignature"
    // Normally, you'll send your POST to some api.ebay.com endpoint.
    Move "http://localhost:8080/verifysignature" To sUrl

    Get ComGetAsString Of hoSbBody To sTemp1
    Get ComPostJson2 Of hoHttp "http://localhost:8080/verifysignature" "application/json" sTemp1 To vResp
    If (IsComObject(vResp)) Begin
        Get Create (RefClass(cComChilkatHttpResponse)) To hoResp
        Set pvComObject Of hoResp To vResp
    End
    Get ComLastMethodSuccess Of hoHttp To bTemp1
    If (bTemp1 = False) Begin
        Get ComLastErrorText Of hoHttp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get ComStatusCode Of hoResp To iTemp1
    Showln "Response status code: " iTemp1
    Showln "Response body:"
    Get ComBodyStr Of hoResp To sTemp1
    Showln sTemp1

    Send Destroy of hoResp


End_Procedure