span8
span4
span8
span4
Hello:
I have a project I'm working on where I connect to an API endpoint to get class information.The API requires that I establish oauth parameters and create the signature base string by:
1) Converting the HTTP method to upper case and set the output string equal to this value
2) Append the '&' character to the output string
3) Percent encode the URL and append it to the output string
4) Append the '&' character to the output string
5) Percent encode the parameter string and append it to the output
The final signature base string is encrypted using the consumer secret
I've accomplished all of the above with a variety of transformers in a workspace.My question is, how do I call the API endpoint when the URL has been encoded?This is something I've never had to do.Most of the API's I've processed against did not have this level of security/authorization and encryption (I had to encrypt my consumer secret).
I saw the Twitter API HTTPCaller post but after reviewing this several times, I could not figure out how to work my way through my scenario.
Any guidance would be greatly appreciated.
This is the excerpt from the API documentation.This is for OneRoster
Thank you@DeWetAtSafe.This was helpful.I will review what you provided and go from there.I really appreciate your assistance.
If I'm understanding correctly, you've already managed to create a signature string, and now need to add it to the API request.
I haven't tried this with the OneRoster API specifically, but it looks like you need to set the "Authorization" header as follows (interpretinghttps://www.imsglobal.org/oneroster-v11-final-specification3.6.1, using their example values):
Authorization: OAuth auth_consumer_key="imsglobal", oauth_nonce="1965da178f762237a8506e9d51b0398b4", oauth_signature="z47QdbCsasZP+5ZXelvc2b9xQeU=", oauth_signature_method="HMAC-SHA256", oauth_timestamp="1487345558", oauth_version="1.0"
The signature you've calculated goes in "oauth_signature".
The header is set in the HTTPCaller as follows:
Alternatively, it looks like OneRoster allows OAuth 2 Bearer Token auth as well (section 3.6.3).From what I can tell, you wouldn't need to sign it in that case, but rather, it would work similarly tohttps://knowledge.safe.com/questions/45854/httpcaller-and-twitter-api-authentication-problems.html.
© 2019 Safe Software Inc |Legal