|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Visual FoxPro) ebay: Add Digital Signature to HTTP RequestSee more eBay ExamplesDemonstrates how to add a digital signature to an ebay HTTP request. For more information, see https://developer.ebay.com/develop/guides/digital-signatures-for-apis
LOCAL lnSuccess LOCAL lcStrPrivateKey LOCAL lcStrPublicKey LOCAL lcStrJwe LOCAL loSbBody LOCAL loSbSigBase LOCAL loSbSigInput LOCAL loDt LOCAL lcUnixTimeNow LOCAL loBdPrivKey LOCAL loPrivKey LOCAL loBdToBeSigned LOCAL loEddsa LOCAL lcSigBase64 LOCAL loHttp LOCAL loSbContentDigestHdr LOCAL loSbSigHdr LOCAL lcUrl LOCAL loResp * This example requires the Chilkat API to have been previously unlocked. * See Global Unlock Sample for sample code. * Note: Ebay provides a Key Management API * See https://developer.ebay.com/api-docs/developer/key-management/overview.html * The following test keys can be used: * * Ed25519 * * Private Key: * * -----BEGIN PRIVATE KEY----- * MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF * -----END PRIVATE KEY----- lcStrPrivateKey = "MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikTmiCqirVv9mWG9qfSnF" * * Public Key: * * -----BEGIN PUBLIC KEY----- * MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs= * -----END PUBLIC KEY----- lcStrPublicKey = "MCowBQYDK2VwAyEAJrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=" * This example assumes you got a JWE for your given private key from the Ebay Key Management REST API. * This JWE is just for example: lcStrJwe = "eyJ6aXAiOiJERUYiLCJlbmMiOiJBMjU2R0NNIiwidGFnIjoiSXh2dVRMb0FLS0hlS0Zoa3BxQ05CUSIsImFsZyI6IkEyNTZHQ01LVyIsIml2IjoiaFd3YjNoczk2QzEyOTNucCJ9.2o02pR9SoTF4g_5qRXZm6tF4H52TarilIAKxoVUqjd8.3qaF0KJN-rFHHm_P.AMUAe9PPduew09mANIZ-O_68CCuv6EIx096rm9WyLZnYz5N1WFDQ3jP0RBkbaOtQZHImMSPXIHVaB96RWshLuJsUgCKmTAwkPVCZv3zhLxZVxMXtPUuJ-ppVmPIv0NzznWCOU5Kvb9Xux7ZtnlvLXgwOFEix-BaWNomUAazbsrUCbrp514GIea3butbyxXLNi6R9TJUNh8V2uan-optT1MMyS7eMQnVGL5rYBULk.9K5ucUqAu0DqkkhgubsHHw" * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder') loSbBody = CreateObject('Chilkat.StringBuilder') loSbBody.Append('{"hello": "world"}') ? "Body of request:" ? loSbBody.GetAsString() * ------------------------------------------------- * Build the signature base string... * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder') loSbSigBase = CreateObject('Chilkat.StringBuilder') loSbSigBase.Append('"content-digest": sha-256=:') loSbSigBase.Append(loSbBody.GetHash("sha256","base64","utf-8")) loSbSigBase.Append(":" + CHR(10)) loSbSigBase.Append('"x-ebay-signature-key": ') loSbSigBase.Append(lcStrJwe) loSbSigBase.Append(CHR(10)) loSbSigBase.Append('"@method": POST' + CHR(10)) * This is the path part of the URL without query params... loSbSigBase.Append('"@path": ') loSbSigBase.Append("/verifysignature") loSbSigBase.Append(CHR(10)) * The is the domain, such as "api.ebay.com" w/ port if the port is something unusual. * In this example, we're testing against a local docker test server (see the info at https://developer.ebay.com/develop/guides/digital-signatures-for-apis) * Normally, I think it would just be "api.ebay.com" instead of "localhost:8080". loSbSigBase.Append('"@authority": ') loSbSigBase.Append("localhost:8080") loSbSigBase.Append(CHR(10)) loSbSigBase.Append('"@signature-params": ') * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder') loSbSigInput = CreateObject('Chilkat.StringBuilder') loSbSigInput.Append('("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority")') loSbSigInput.Append(";created=") * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.CkDateTime') loDt = CreateObject('Chilkat.CkDateTime') loDt.SetFromCurrentSystemTime() lcUnixTimeNow = loDt.GetAsUnixTimeStr(0) loSbSigInput.Append(lcUnixTimeNow) loSbSigBase.AppendSb(loSbSigInput) * ------------------------------------------------- * Sign the signature base string using the Ed25519 private key * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData') loBdPrivKey = CreateObject('Chilkat.BinData') loBdPrivKey.AppendEncoded(lcStrPrivateKey,"base64") * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.PrivateKey') loPrivKey = CreateObject('Chilkat.PrivateKey') lnSuccess = loPrivKey.LoadAnyFormat(loBdPrivKey,"") IF (lnSuccess = 0) THEN ? loPrivKey.LastErrorText RELEASE loSbBody RELEASE loSbSigBase RELEASE loSbSigInput RELEASE loDt RELEASE loBdPrivKey RELEASE loPrivKey CANCEL ENDIF * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.BinData') loBdToBeSigned = CreateObject('Chilkat.BinData') loBdToBeSigned.AppendSb(loSbSigBase,"utf-8") * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.EdDSA') loEddsa = CreateObject('Chilkat.EdDSA') lcSigBase64 = loEddsa.SignBdENC(loBdToBeSigned,"base64",loPrivKey) IF (loEddsa.LastMethodSuccess = 0) THEN ? loEddsa.LastErrorText RELEASE loSbBody RELEASE loSbSigBase RELEASE loSbSigInput RELEASE loDt RELEASE loBdPrivKey RELEASE loPrivKey RELEASE loBdToBeSigned RELEASE loEddsa CANCEL ENDIF ? "sigBase64:" ? lcSigBase64 * ---------------------------------------------------------- * Send the JSON POST * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.Http') loHttp = CreateObject('Chilkat.Http') loHttp.SetRequestHeader("x-ebay-signature-key",lcStrJwe) * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder') loSbContentDigestHdr = CreateObject('Chilkat.StringBuilder') loSbContentDigestHdr.Append("sha-256=:") loSbContentDigestHdr.Append(loSbBody.GetHash("sha256","base64","utf-8")) loSbContentDigestHdr.Append(":") loHttp.SetRequestHeader("Content-Digest",loSbContentDigestHdr.GetAsString()) * For versions of Chilkat < 10.0.0, use CreateObject('Chilkat_9_5_0.StringBuilder') loSbSigHdr = CreateObject('Chilkat.StringBuilder') loSbSigHdr.Append("sig1=:") loSbSigHdr.Append(lcSigBase64) loSbSigHdr.Append(":") loHttp.SetRequestHeader("Signature",loSbSigHdr.GetAsString()) loSbSigInput.Prepend("sig1=") loHttp.SetRequestHeader("Signature-Input",loSbSigInput.GetAsString()) * Add this header to make eBay actually check the signature. loHttp.SetRequestHeader("x-ebay-enforce-signature","true") * Set the OAuth2 access token to add the "Authorization: Bearer <access_token>" to the header. loHttp.AuthToken = "your_oauth2_access_token" * The signature base string constructed above is valid if we send this POST to "http://localhost:8080/verifysignature" * Normally, you'll send your POST to some api.ebay.com endpoint. lcUrl = "http://localhost:8080/verifysignature" loResp = loHttp.PostJson2("http://localhost:8080/verifysignature","application/json",loSbBody.GetAsString()) IF (loHttp.LastMethodSuccess = 0) THEN ? loHttp.LastErrorText RELEASE loSbBody RELEASE loSbSigBase RELEASE loSbSigInput RELEASE loDt RELEASE loBdPrivKey RELEASE loPrivKey RELEASE loBdToBeSigned RELEASE loEddsa RELEASE loHttp RELEASE loSbContentDigestHdr RELEASE loSbSigHdr CANCEL ENDIF ? "Response status code: " + STR(loResp.StatusCode) ? "Response body:" ? loResp.BodyStr RELEASE loResp RELEASE loSbBody RELEASE loSbSigBase RELEASE loSbSigInput RELEASE loDt RELEASE loBdPrivKey RELEASE loPrivKey RELEASE loBdToBeSigned RELEASE loEddsa RELEASE loHttp RELEASE loSbContentDigestHdr RELEASE loSbSigHdr |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.