4

I'm trying to replicate a c# method for generating a signature hash to communicate with an API, having trouble reproducing the same example result in PHP based on the c# method examples I was given.

The word problem version of what I'm trying to do is: (from api documentation)

Calculating Request Signatures

A request signature, an HMAC with an SHA-1 hash code, is calculated by concatenating the values of the Service, Method, and Timestamp parameters, in that order, and then calculating an RFC 2104-compliant HMAC, using the Secret Access Key as the "key". The computed HMAC value must be base64 encoded

The test data:

service_name = “Zoyto Fulfillment Service”
timestamp: “2010-07-21T04:33:55Z”
api_secret = “2c0774063f4bb1a10ca39ba6c806636a57d78dc3”
method = “getOrderStatus”

Result should be:
signature: “mlePFDcrTAxd+PWA6hOGGtvu2Zc=”

I have the following code example of a c# method for creating a signature hash to make an API call:

public string createSignature(string api_secret, string method, string timestamp, string service_name) { 
  DateTime currentTime = DateTime.UtcNow; string toSign = service_name.ToLower() +   method.ToLower() + timestamp.ToLower(); 
  byte[] toSignBytes = Encoding.UTF8.GetBytes(toSign); byte[] secretBytes = Encoding.UTF8.GetBytes(api_secret); 
  HMAC signer = new HMACSHA1(secretBytes byte[] sigBytes = signer.ComputeHash(toSignBytes); 
  string signature = Convert.ToBase64String(sigBytes); 
  return signature; 
}

Currently, my php method looks like:

$testSecret = '2c0774063f4bb1a10ca39ba6c806636a57d78dc3';
$testSvc    = 'Zoyto Fulfillment Service';
$testStamp  = strtotime('2010-07-21 04:33:55');   
$method = 'getOrderStatus';

$sig    = utf8_encode($testSvc.$method.$testStamp);

$hash   = hash_hmac("sha1", $sig, $testSecret, true);

$sig    = base64_encode($hash);
return $sig;

//returns:
//OUhgiIqxngaFm1Rquxm1lZ/3CzE=

Any help is appreciated

Improve this question
1
  • Your C# code has a syntax error on the 4th line. If you can fix that up first I can help you with the PHP code. Commented Nov 15, 2011 at 0:55

1 Answer 1

Reset to default
2

I'm not sure where you got that C# code from but it doesn't work. This PHP code will give you the desired input for the input given.

function createSignature($api_secret, $method, $timestamp, $service_name) {
    $toSign = strtolower($service_name) . strtolower($method) . strtolower($timestamp);
    $sig = hash_hmac('sha1', $toSign, $api_secret, true);
    return base64_encode($sig);
}

$api_secret = '2c0774063f4bb1a10ca39ba6c806636a57d78dc3';
$method = 'getOrderStatus';
$timestamp  = '2010-07-21T04:33:55Z'; 
$service_name    = 'Zoyto Fulfillment Service';

echo createSignature($api_secret, $method, $timestamp, $service_name);
// output: mlePFDcrTAxd+PWA6hOGGtvu2Zc=

Note: Requires PHP 5 >= 5.1.2 or PECL hash >= 1.1

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

crap, I was passing the unix timestamp to the hash instead of the date string. Thanks man

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.