Delphi ActiveX
Delphi ActiveX
ebay: Add Digital Signature to HTTP Request
See more eBay Examples
Demonstrates how to add a digital signature to an ebay HTTP request.Chilkat Delphi ActiveX Downloads
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;
...
procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
strPrivateKey: WideString;
strPublicKey: WideString;
strJwe: WideString;
sbBody: TChilkatStringBuilder;
sbSigBase: TChilkatStringBuilder;
sbSigInput: TChilkatStringBuilder;
dt: TCkDateTime;
unixTimeNow: WideString;
bdPrivKey: TChilkatBinData;
privKey: TPrivateKey;
bdToBeSigned: TChilkatBinData;
eddsa: TChilkatEdDSA;
sigBase64: WideString;
http: TChilkatHttp;
sbContentDigestHdr: TChilkatStringBuilder;
sbSigHdr: TChilkatStringBuilder;
url: WideString;
jsonStr: WideString;
resp: TChilkatHttpResponse;
begin
success := 0;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: Ebay provides a Key Management API
// See https://developer.ebay.com/api-docs/developer/key-management/overview.html
// The following test keys can be used:
//
// Ed25519
//
// Private Key:
//
// -----BEGIN PRIVATE KEY-----
// MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF
// -----END PRIVATE KEY-----
strPrivateKey := 'MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF';
//
// Public Key:
//
// -----BEGIN PUBLIC KEY-----
// MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=
// -----END PUBLIC KEY-----
strPublicKey := 'MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=';
// This example assumes you got a JWE for your given private key from the Ebay Key Management REST API.
// This JWE is just for example:
strJwe := 'eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw';
sbBody := TChilkatStringBuilder.Create(Self);
sbBody.Append('{"hello": "world"}');
Memo1.Lines.Add('Body of request:');
Memo1.Lines.Add(sbBody.GetAsString());
// -------------------------------------------------
// Build the signature base string...
sbSigBase := TChilkatStringBuilder.Create(Self);
sbSigBase.Append('"content-digest": sha-256=:');
sbSigBase.Append(sbBody.GetHash('sha256','base64','utf-8'));
sbSigBase.Append(':' + #10);
sbSigBase.Append('"x-ebay-signature-key": ');
sbSigBase.Append(strJwe);
sbSigBase.Append(#10);
sbSigBase.Append('"@method": POST' + #10);
// This is the path part of the URL without query params...
sbSigBase.Append('"@path": ');
sbSigBase.Append('/verifysignature');
sbSigBase.Append(#10);
// The is the domain, such as "api.ebay.com" w/ port if the port is something unusual.
// In this example, we're testing against a local docker test server (see the info at https://developer.ebay.com/develop/guides/digital-signatures-for-apis)
// Normally, I think it would just be "api.ebay.com" instead of "localhost:8080".
sbSigBase.Append('"@authority": ');
sbSigBase.Append('localhost:8080');
sbSigBase.Append(#10);
sbSigBase.Append('"@signature-params": ');
sbSigInput := TChilkatStringBuilder.Create(Self);
sbSigInput.Append('("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority")');
sbSigInput.Append(';created=');
dt := TCkDateTime.Create(Self);
dt.SetFromCurrentSystemTime();
unixTimeNow := dt.GetAsUnixTimeStr(0);
sbSigInput.Append(unixTimeNow);
sbSigBase.AppendSb(sbSigInput.ControlInterface);
// -------------------------------------------------
// Sign the signature base string using the Ed25519 private key
bdPrivKey := TChilkatBinData.Create(Self);
bdPrivKey.AppendEncoded(strPrivateKey,'base64');
privKey := TPrivateKey.Create(Self);
success := privKey.LoadAnyFormat(bdPrivKey.ControlInterface,'');
if (success = 0) then
begin
Memo1.Lines.Add(privKey.LastErrorText);
Exit;
end;
bdToBeSigned := TChilkatBinData.Create(Self);
bdToBeSigned.AppendSb(sbSigBase.ControlInterface,'utf-8');
eddsa := TChilkatEdDSA.Create(Self);
sigBase64 := eddsa.SignBdENC(bdToBeSigned.ControlInterface,'base64',privKey.ControlInterface);
if (eddsa.LastMethodSuccess = 0) then
begin
Memo1.Lines.Add(eddsa.LastErrorText);
Exit;
end;
Memo1.Lines.Add('sigBase64:');
Memo1.Lines.Add(sigBase64);
// ----------------------------------------------------------
// Send the JSON POST
http := TChilkatHttp.Create(Self);
http.SetRequestHeader('x-ebay-signature-key',strJwe);
sbContentDigestHdr := TChilkatStringBuilder.Create(Self);
sbContentDigestHdr.Append('sha-256=:');
sbContentDigestHdr.Append(sbBody.GetHash('sha256','base64','utf-8'));
sbContentDigestHdr.Append(':');
http.SetRequestHeader('Content-Digest',sbContentDigestHdr.GetAsString());
sbSigHdr := TChilkatStringBuilder.Create(Self);
sbSigHdr.Append('sig1=:');
sbSigHdr.Append(sigBase64);
sbSigHdr.Append(':');
http.SetRequestHeader('Signature',sbSigHdr.GetAsString());
sbSigInput.Prepend('sig1=');
http.SetRequestHeader('Signature-Input',sbSigInput.GetAsString());
// Add this header to make eBay actually check the signature.
http.SetRequestHeader('x-ebay-enforce-signature','true');
// Set the OAuth2 access token to add the "Authorization: Bearer <access_token>" to the header.
http.AuthToken := 'your_oauth2_access_token';
// The signature base string constructed above is valid if we send this POST to "http://localhost:8080/verifysignature"
// Normally, you'll send your POST to some api.ebay.com endpoint.
url := 'http://localhost:8080/verifysignature';
jsonStr := sbBody.GetAsString();
resp := TChilkatHttpResponse.Create(Self);
success := http.HttpStr('POST','http://localhost:8080/verifysignature',jsonStr,'utf-8','application/json',resp.ControlInterface);
if (success = 0) then
begin
Memo1.Lines.Add(http.LastErrorText);
Exit;
end;
Memo1.Lines.Add('Response status code: ' + IntToStr(resp.StatusCode));
Memo1.Lines.Add('Response body:');
Memo1.Lines.Add(resp.BodyStr);
end;