(Ruby) Plaza API (bol.com) HMAC-SHA256 Authentication

Demonstrates how to compute the Authorization header for bol.com using HMAC-SHA256.

Chilkat Ruby Downloads install from rubygems.org gem install chilkat or download... Ruby Library for Windows, MacOS, Linux, Alpine Linux

require 'chilkat'

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

crypt = Chilkat::CkCrypt2.new()

crypt.put_EncodingMode("base64")
crypt.put_HashAlgorithm("sha256")
crypt.put_MacAlgorithm("hmac")

publicKey = "oRNWbHFXtAECmhnZmEndcjLIaSKbRMVE"
privateKey = "MaQHPOnmYkPZNgeRziPnQyyOJYytUbcFBVJBvbMKoDdpPqaZbaOiLUTWzPAkpPsZFZbJHrcoltdgpZolyNcgvvBaKcmkqFjucFzXhDONTsPAtHHyccQlLUZpkOuywMiOycDWcCySFsgpDiyGnCWCZJkNTtVdPxbSUTWVIFQiUxaPDYDXRQAVVTbSVZArAZkaLDLOoOvPzxSdhnkkJWzlQDkqsXNKfAIgAldrmyfROSyCGMCfvzdQdUQEaYZTPEoA"

# The string to sign is this:
# http_verb +'\n\n'+ content_type +'\n'+ x_bol_date +'\n'+ 'x-bol-date:'+ x_bol_date +'\n'+ uri

http_verb = "GET"
content_type = "application/xml"
x_bol_date = "Wed, 17 Feb 2016 00:00:00 GMT"
uri = "/services/rest/orders/v2"

# IMPORTANT: Notice the use of underscore and hyphen (dash) chars in x-bol-date vs. x_bol_date.
# In one place hypens are used.  In two places, underscore chars are used.
sb = Chilkat::CkStringBuilder.new()
sb.Append(http_verb)
sb.Append("\n\n")
sb.Append(content_type)
sb.Append("\n")
sb.Append(x_bol_date)
sb.Append("\nx-bol-date:")
sb.Append(x_bol_date)
sb.Append("\n")
sb.Append(uri)
print "[" + sb.getAsString() + "]" + "\n";

# Set the HMAC key:
crypt.SetMacKeyEncoded(privateKey,"ascii")
mac = crypt.macStringENC(sb.getAsString())

# The answer should be: nqzLWvXI1eBhBXrRx5NF23V5hS8Q1xWCloJzPi/RAts=
print mac + "\n";

# The last step is to append the public key with the signature
sbHeader = Chilkat::CkStringBuilder.new()
sbHeader.Append(publicKey)
sbHeader.Append(":")
sbHeader.Append(mac)

hdrValue = sbHeader.getAsString()
print hdrValue + "\n";