Jump to content
RadStudio 10.3.1 was released today Read more... ×
Sign in to follow this  
azrael_11

Rest question (Newbie)

Recommended Posts

Hi

I Create an app for windows and i try to add forecast results on it.

 

I use the Yahoo weather api but recently even the free access goes to  oauth1 Authorization.

 

here what Yahoo wants to access forecast results.

 

GET /forecastrss?location=sunnyvale,ca HTTP/1.1
Host: weather-ydn-yql.media.yahoo.com
Yahoo-App-Id: YOUR_APP_ID
Authorization: OAuth
oauth_consumer_key="YOUR_CONSUMER_KEY",oauth_signature_method="HMAC-SHA1",oauth_timestamp="YOUR_TIMESTAMP",oauth_nonce="YOUR_NONCE",oauth_version="1.0",oauth_signature="YOUR_GENERATED_SIGNATURE"
cache-control: no-cache

 

I go to REST Debugger tool provide by emb

I add the get method in method url like this http://weather-ydn-yql.media.yahoo.com/forecastrss?w=2502265

I select the from authentication the method oauth 1  and i put my Client-ID and the Client-Secret and select the HMAC-SHA1 from OAuth-Assistant.

 

Now how can i add Timestamp, oauth_nonce,

 

BCS when i execute the request i get

 

Connection=keep-alive
Date=Fri, 18 Jan 2019 08:32:06 GMT
Via=http/1.1 media-router-omega65.prod.media.bf1.yahoo.com (ApacheTrafficServer [cMsSf ])
Content-Length=0
Content-Type=application/json;charset=UTF-8
Age=0
Server=ATS
WWW-Authenticate=OAuth oauth_problem="OST_OAUTH_SIGNATURE_INVALID_ERROR", realm="yahooapis.com" //here i get an error
X-Frame-Options=SAMEORIGIN
X-Content-Type-Options=nosniff
X-XSS-Protection=1; mode=block
Referrer-Policy=no-referrer-when-downgrade

 

Thank you.

Share this post


Link to post

Finally i use the simple method of indy IdHTTP.get method to get result.

 

But i don't know how to GENERATE  SIGNATURE 

 

Any ideas...

 

Thank you.

Edited by azrael_11

Share this post


Link to post

Hi,

 

These days I'm studying MS Azure. And I have used Delphi TAzureBlobService to access Azure, and its signature result can not accepted by Azure. To access Azure, it is by REST.

 

I found that Azure returned some error message through HTTP, in the error message, Azure said: Server used following string to sign xxxxx xxxx。

 

So, I use the string of the error message tell me to be a template, to create my signature string, and use the method from TAzureBlobService  to calculate the signature. It works!

 

BTW. Azure's signature is calculate by SHA2:  THashSHA2.GetHMACAsBytes(StringToSign, Signkey, THashSHA2.TSHA2Version.SHA256);

 

So, you may need to read Yahoo's information that its structure of signature string, and what calculation it use.

Share this post


Link to post
On 2/3/2019 at 10:19 PM, pcplayer99 said:

Hi,

 

These days I'm studying MS Azure. And I have used Delphi TAzureBlobService to access Azure, and its signature result can not accepted by Azure. To access Azure, it is by REST.

 

I found that Azure returned some error message through HTTP, in the error message, Azure said: Server used following string to sign xxxxx xxxx。

 

So, I use the string of the error message tell me to be a template, to create my signature string, and use the method from TAzureBlobService  to calculate the signature. It works!

 

BTW. Azure's signature is calculate by SHA2:  THashSHA2.GetHMACAsBytes(StringToSign, Signkey, THashSHA2.TSHA2Version.SHA256);

 

So, you may need to read Yahoo's information that its structure of signature string, and what calculation it use.

 

This is the official String signature  generator that taken from C++ code  form Yahoo.

But i cant translated to delphi code.

String signature = null;
        try {
            SecretKeySpec signingKey = new SecretKeySpec((consumerSecret + "&").getBytes(), "HmacSHA1");
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(signingKey);
            byte[] rawHMAC = mac.doFinal(signatureString.getBytes());
            Encoder encoder = Base64.getEncoder();
            signature = encoder.encodeToString(rawHMAC);
        } catch (Exception e) {
            System.err.println("Unable to append signature");
            System.exit(0);
}

Thank you

 

Share this post


Link to post

Hi,

 

These code shows how to HASH signature by SHA1, but it is not show how to combine a signature string to HASH.

 

I have not study Yahoo, but in MS Azure, it signature string is like:

 

GET
x-ms-date:Wed, 30 Jan 2019 15:12:26 GMT
x-ms-version:2015-02-21
/devstoreaccount1/devstoreaccount1/pcplayer1
comp:list
restype:container
timeout:30
 
And MS said that between every line, there is a LF(#10 or $A) but no Return(#13 or $D) char.
So, you must know how Yahoo's signature string create.

Share this post


Link to post
18 hours ago, pcplayer99 said:

Hi,

 

These code shows how to HASH signature by SHA1, but it is not show how to combine a signature string to HASH.

 

I have not study Yahoo, but in MS Azure, it signature string is like:

 

 

GET
x-ms-date:Wed, 30 Jan 2019 15:12:26 GMT
x-ms-version:2015-02-21
/devstoreaccount1/devstoreaccount1/pcplayer1
comp:list
restype:container
timeout:30
 
And MS said that between every line, there is a LF(#10 or $A) but no Return(#13 or $D) char.
So, you must know how Yahoo's signature string create.

 

Maybe something like this in C++ code

String signatureString = "GET&" +
            URLEncoder.encode(url, "UTF-8") + "&" +
URLEncoder.encode(parametersList.toString(), "UTF-8");

Thank you

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×