PHP Extension
PHP Extension
Plaza API (bol.com) HMAC-SHA256 Authentication
See more Encryption Examples
Demonstrates how to compute the Authorization header for bol.com using HMAC-SHA256.Chilkat PHP Extension Downloads
<?php
include("chilkat.php");
// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
$crypt = new CkCrypt2();
$crypt->put_EncodingMode('base64');
$crypt->put_HashAlgorithm('sha256');
$crypt->put_MacAlgorithm('hmac');
$publicKey = 'oRNWbHFXtAECmhnZmEndcjLIaSKbRMVE';
$privateKey = 'MaQHPOnmYkPZNgeRziPnQyyOJYytUbcFBVJBvbMKoDdpPqaZbaOiLUTWzPAkpPsZFZbJHrcoltdgpZolyNcgvvBaKcmkqFjucFzXhDONTsPAtHHyccQlLUZpkOuywMiOycDWcCySFsgpDiyGnCWCZJkNTtVdPxbSUTWVIFQiUxaPDYDXRQAVVTbSVZArAZkaLDLOoOvPzxSdhnkkJWzlQDkqsXNKfAIgAldrmyfROSyCGMCfvzdQdUQEaYZTPEoA';
// The string to sign is this:
// http_verb +'\n\n'+ content_type +'\n'+ x_bol_date +'\n'+ 'x-bol-date:'+ x_bol_date +'\n'+ uri
$http_verb = 'GET';
$content_type = 'application/xml';
$x_bol_date = 'Wed, 17 Feb 2016 00:00:00 GMT';
$uri = '/services/rest/orders/v2';
// IMPORTANT: Notice the use of underscore and hyphen (dash) chars in x-bol-date vs. x_bol_date.
// In one place hypens are used. In two places, underscore chars are used.
$sb = new CkStringBuilder();
$sb->Append($http_verb);
$sb->Append('\n\n');
$sb->Append($content_type);
$sb->Append('\n');
$sb->Append($x_bol_date);
$sb->Append('\nx-bol-date:');
$sb->Append($x_bol_date);
$sb->Append('\n');
$sb->Append($uri);
print '[' . $sb->getAsString() . ']' . "\n";
// Set the HMAC key:
$crypt->SetMacKeyEncoded($privateKey,'ascii');
$mac = $crypt->macStringENC($sb->getAsString());
// The answer should be: nqzLWvXI1eBhBXrRx5NF23V5hS8Q1xWCloJzPi/RAts=
print $mac . "\n";
// The last step is to append the public key with the signature
$sbHeader = new CkStringBuilder();
$sbHeader->Append($publicKey);
$sbHeader->Append(':');
$sbHeader->Append($mac);
$hdrValue = $sbHeader->getAsString();
print $hdrValue . "\n";
?>