Visual FoxPro
Visual FoxPro
ebay: Add Digital Signature to HTTP Request
See more eBay Examples
Demonstrates how to add a digital signature to an ebay HTTP request.Chilkat Visual FoxPro Downloads
LOCAL lnSuccess
LOCAL lcStrPrivateKey
LOCAL lcStrPublicKey
LOCAL lcStrJwe
LOCAL loSbBody
LOCAL loSbSigBase
LOCAL loSbSigInput
LOCAL loDt
LOCAL lcUnixTimeNow
LOCAL loBdPrivKey
LOCAL loPrivKey
LOCAL loBdToBeSigned
LOCAL loEddsa
LOCAL lcSigBase64
LOCAL loHttp
LOCAL loSbContentDigestHdr
LOCAL loSbSigHdr
LOCAL lcUrl
LOCAL lcJsonStr
LOCAL loResp
lnSuccess = 0
* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.
* Note: Ebay provides a Key Management API
* See https://developer.ebay.com/api-docs/developer/key-management/overview.html
* The following test keys can be used:
*
* Ed25519
*
* Private Key:
*
* -----BEGIN PRIVATE KEY-----
* MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF
* -----END PRIVATE KEY-----
lcStrPrivateKey = "MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF"
*
* Public Key:
*
* -----BEGIN PUBLIC KEY-----
* MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=
* -----END PUBLIC KEY-----
lcStrPublicKey = "MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="
* This example assumes you got a JWE for your given private key from the Ebay Key Management REST API.
* This JWE is just for example:
lcStrJwe = "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw"
loSbBody = CreateObject('Chilkat.StringBuilder')
loSbBody.Append('{"hello": "world"}')
? "Body of request:"
? loSbBody.GetAsString()
* -------------------------------------------------
* Build the signature base string...
loSbSigBase = CreateObject('Chilkat.StringBuilder')
loSbSigBase.Append('"content-digest": sha-256=:')
loSbSigBase.Append(loSbBody.GetHash("sha256","base64","utf-8"))
loSbSigBase.Append(":" + CHR(10))
loSbSigBase.Append('"x-ebay-signature-key": ')
loSbSigBase.Append(lcStrJwe)
loSbSigBase.Append(CHR(10))
loSbSigBase.Append('"@method": POST' + CHR(10))
* This is the path part of the URL without query params...
loSbSigBase.Append('"@path": ')
loSbSigBase.Append("/verifysignature")
loSbSigBase.Append(CHR(10))
* The is the domain, such as "api.ebay.com" w/ port if the port is something unusual.
* In this example, we're testing against a local docker test server (see the info at https://developer.ebay.com/develop/guides/digital-signatures-for-apis)
* Normally, I think it would just be "api.ebay.com" instead of "localhost:8080".
loSbSigBase.Append('"@authority": ')
loSbSigBase.Append("localhost:8080")
loSbSigBase.Append(CHR(10))
loSbSigBase.Append('"@signature-params": ')
loSbSigInput = CreateObject('Chilkat.StringBuilder')
loSbSigInput.Append('("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority")')
loSbSigInput.Append(";created=")
loDt = CreateObject('Chilkat.CkDateTime')
loDt.SetFromCurrentSystemTime()
lcUnixTimeNow = loDt.GetAsUnixTimeStr(0)
loSbSigInput.Append(lcUnixTimeNow)
loSbSigBase.AppendSb(loSbSigInput)
* -------------------------------------------------
* Sign the signature base string using the Ed25519 private key
loBdPrivKey = CreateObject('Chilkat.BinData')
loBdPrivKey.AppendEncoded(lcStrPrivateKey,"base64")
loPrivKey = CreateObject('Chilkat.PrivateKey')
lnSuccess = loPrivKey.LoadAnyFormat(loBdPrivKey,"")
IF (lnSuccess = 0) THEN
? loPrivKey.LastErrorText
RELEASE loSbBody
RELEASE loSbSigBase
RELEASE loSbSigInput
RELEASE loDt
RELEASE loBdPrivKey
RELEASE loPrivKey
CANCEL
ENDIF
loBdToBeSigned = CreateObject('Chilkat.BinData')
loBdToBeSigned.AppendSb(loSbSigBase,"utf-8")
loEddsa = CreateObject('Chilkat.EdDSA')
lcSigBase64 = loEddsa.SignBdENC(loBdToBeSigned,"base64",loPrivKey)
IF (loEddsa.LastMethodSuccess = 0) THEN
? loEddsa.LastErrorText
RELEASE loSbBody
RELEASE loSbSigBase
RELEASE loSbSigInput
RELEASE loDt
RELEASE loBdPrivKey
RELEASE loPrivKey
RELEASE loBdToBeSigned
RELEASE loEddsa
CANCEL
ENDIF
? "sigBase64:"
? lcSigBase64
* ----------------------------------------------------------
* Send the JSON POST
loHttp = CreateObject('Chilkat.Http')
loHttp.SetRequestHeader("x-ebay-signature-key",lcStrJwe)
loSbContentDigestHdr = CreateObject('Chilkat.StringBuilder')
loSbContentDigestHdr.Append("sha-256=:")
loSbContentDigestHdr.Append(loSbBody.GetHash("sha256","base64","utf-8"))
loSbContentDigestHdr.Append(":")
loHttp.SetRequestHeader("Content-Digest",loSbContentDigestHdr.GetAsString())
loSbSigHdr = CreateObject('Chilkat.StringBuilder')
loSbSigHdr.Append("sig1=:")
loSbSigHdr.Append(lcSigBase64)
loSbSigHdr.Append(":")
loHttp.SetRequestHeader("Signature",loSbSigHdr.GetAsString())
loSbSigInput.Prepend("sig1=")
loHttp.SetRequestHeader("Signature-Input",loSbSigInput.GetAsString())
* Add this header to make eBay actually check the signature.
loHttp.SetRequestHeader("x-ebay-enforce-signature","true")
* Set the OAuth2 access token to add the "Authorization: Bearer <access_token>" to the header.
loHttp.AuthToken = "your_oauth2_access_token"
* The signature base string constructed above is valid if we send this POST to "http://localhost:8080/verifysignature"
* Normally, you'll send your POST to some api.ebay.com endpoint.
lcUrl = "http://localhost:8080/verifysignature"
lcJsonStr = loSbBody.GetAsString()
loResp = CreateObject('Chilkat.HttpResponse')
lnSuccess = loHttp.HttpStr("POST","http://localhost:8080/verifysignature",lcJsonStr,"utf-8","application/json",loResp)
IF (lnSuccess = 0) THEN
? loHttp.LastErrorText
RELEASE loSbBody
RELEASE loSbSigBase
RELEASE loSbSigInput
RELEASE loDt
RELEASE loBdPrivKey
RELEASE loPrivKey
RELEASE loBdToBeSigned
RELEASE loEddsa
RELEASE loHttp
RELEASE loSbContentDigestHdr
RELEASE loSbSigHdr
RELEASE loResp
CANCEL
ENDIF
? "Response status code: " + STR(loResp.StatusCode)
? "Response body:"
? loResp.BodyStr
RELEASE loSbBody
RELEASE loSbSigBase
RELEASE loSbSigInput
RELEASE loDt
RELEASE loBdPrivKey
RELEASE loPrivKey
RELEASE loBdToBeSigned
RELEASE loEddsa
RELEASE loHttp
RELEASE loSbContentDigestHdr
RELEASE loSbSigHdr
RELEASE loResp