(VB.NET) Plaza API (bol.com) HMAC-SHA256 Authentication

Demonstrates how to compute the Authorization header for bol.com using HMAC-SHA256.

Chilkat .NET Downloads Chilkat .NET Framework Chilkat for .NET Core

' This example assumes the Chilkat API to have been previously unlocked.
' See Global Unlock Sample for sample code.

Dim crypt As New Chilkat.Crypt2

crypt.EncodingMode = "base64"
crypt.HashAlgorithm = "sha256"
crypt.MacAlgorithm = "hmac"

Dim publicKey As String = "oRNWbHFXtAECmhnZmEndcjLIaSKbRMVE"
Dim privateKey As String = "MaQHPOnmYkPZNgeRziPnQyyOJYytUbcFBVJBvbMKoDdpPqaZbaOiLUTWzPAkpPsZFZbJHrcoltdgpZolyNcgvvBaKcmkqFjucFzXhDONTsPAtHHyccQlLUZpkOuywMiOycDWcCySFsgpDiyGnCWCZJkNTtVdPxbSUTWVIFQiUxaPDYDXRQAVVTbSVZArAZkaLDLOoOvPzxSdhnkkJWzlQDkqsXNKfAIgAldrmyfROSyCGMCfvzdQdUQEaYZTPEoA"

' The string to sign is this:
' http_verb +'\n\n'+ content_type +'\n'+ x_bol_date +'\n'+ 'x-bol-date:'+ x_bol_date +'\n'+ uri

Dim http_verb As String = "GET"
Dim content_type As String = "application/xml"
Dim x_bol_date As String = "Wed, 17 Feb 2016 00:00:00 GMT"
Dim uri As String = "/services/rest/orders/v2"

' IMPORTANT: Notice the use of underscore and hyphen (dash) chars in x-bol-date vs. x_bol_date.
' In one place hypens are used.  In two places, underscore chars are used.
Dim sb As New Chilkat.StringBuilder
sb.Append(http_verb)
sb.Append(vbLf & vbLf)
sb.Append(content_type)
sb.Append(vbLf)
sb.Append(x_bol_date)
sb.Append(vbLf & "x-bol-date:")
sb.Append(x_bol_date)
sb.Append(vbLf)
sb.Append(uri)
Debug.WriteLine("[" & sb.GetAsString() & "]")

' Set the HMAC key:
crypt.SetMacKeyEncoded(privateKey,"ascii")
Dim mac As String = crypt.MacStringENC(sb.GetAsString())

' The answer should be: nqzLWvXI1eBhBXrRx5NF23V5hS8Q1xWCloJzPi/RAts=
Debug.WriteLine(mac)

' The last step is to append the public key with the signature
Dim sbHeader As New Chilkat.StringBuilder
sbHeader.Append(publicKey)
sbHeader.Append(":")
sbHeader.Append(mac)

Dim hdrValue As String = sbHeader.GetAsString()
Debug.WriteLine(hdrValue)