{"__v":0,"_id":"575676128749830e00681e90","category":{"version":"575676128749830e00681e82","project":"55a4d5531a5f991700a9409e","_id":"575676128749830e00681e86","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-09-23T14:31:03.400Z","from_sync":false,"order":1,"slug":"authorization","title":"Authorization"},"parentDoc":null,"project":"55a4d5531a5f991700a9409e","user":"560266564f15002100ee444b","version":{"__v":2,"_id":"575676128749830e00681e82","project":"55a4d5531a5f991700a9409e","createdAt":"2016-06-07T07:21:54.005Z","releaseDate":"2016-06-07T07:21:54.005Z","categories":["575676128749830e00681e83","575676128749830e00681e84","575676128749830e00681e85","575676128749830e00681e86","575676128749830e00681e87","575676128749830e00681e88","575676128749830e00681e89","575676128749830e00681e8a","575676128749830e00681e8b","580c5ff36c35230f003d3b49"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"2.0.0","version":"2.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-09-23T14:31:38.749Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":2,"body":"To create the **Authorization** header, perform the following steps:\n\n1. Build the signature by following the steps described in the next section, [Create the HMAC signature](doc:create-the-hmac-signature).\n2. Send the signature in the Authorization header using the UWA custom scheme. The header value contains the store key, signature, nonce and request timestamp, separated by colons: \"Authorization: UWA StoreKey:Signature:Nonce:Timestamp\". 
\n\nAn example of an **Authorization** header would look like:\n[block:parameters]\n{\n \"data\": {\n \"h-0\": \"Name\",\n \"h-1\": \"Description\",\n \"0-0\": \"store key\",\n \"1-0\": \"timestamp\",\n \"2-0\": \"nonce\",\n \"3-0\": \"signature\",\n \"0-1\": \"The key used to identify the specific shop. This key is available in the Retailer portal.\",\n \"1-1\": \"The time when the message was created.\\n\\n***Important**: Please note that the provided value should be the current Unix timestamp*\\n\\n***Warning**: Messages older than 15 minutes will be rejected in order to prevent replay attacks.*\",\n \"2-1\": \"The nonce (number used once) is a unique and random string that is meant to uniquely identify each request.\",\n \"3-1\": \"The signature produced by following this guide; it is validated by the server.\"\n },\n \"cols\": 2,\n \"rows\": 4\n}\n[/block]\nThe following code examples show how to generate the entire header:\n[block:code]\n{\n \"codes\": [\n {\n \"code\": \"public string GetAuthorizationHeader(string storeKey, string sharedSecret,\\n string method, string url, string contentAsJson)\\n{\\n var digestBase64 = String.Empty;\\n if (!String.IsNullOrWhiteSpace(contentAsJson))\\n {\\n var content = Encoding.UTF8.GetBytes(contentAsJson);\\n byte[] requestContentHash = MD5.Create().ComputeHash(content);\\n digestBase64 = Convert.ToBase64String(requestContentHash);\\n }\\n \\n var nonce = Guid.NewGuid().ToString();\\n\\n var timestampLong = (long)DateTime.UtcNow.Subtract(\\n new DateTime(1970, 01, 01, 00, 00, 00)).TotalSeconds;\\n\\n var timestamp = timestampLong.ToString(CultureInfo.InvariantCulture);\\n\\n var msgToSign = String.Format(\\\"{0}{1}{2}{3}{4}{5}\\\",\\n storeKey,\\n method.ToUpper(),\\n url,\\n timestamp,\\n nonce,\\n digestBase64);\\n\\n var secretKeyByteArray = Convert.FromBase64String(sharedSecret);\\n\\n using (var hmac = new HMACSHA256(secretKeyByteArray))\\n {\\n byte[] signatureBytes = 
hmac.ComputeHash(Encoding.UTF8.GetBytes(msgToSign));\\n string requestSignatureBase64String = Convert.ToBase64String(signatureBytes);\\n\\n return String.Format(\\\"UWA {0}:{1}:{2}:{3}\\\", \\n storeKey,\\n requestSignatureBase64String,\\n nonce,\\n timestamp);\\n }\\n}\",\n \"language\": \"csharp\"\n },\n {\n \"code\": \"private static String getAuthorizationHeader(String storeKey, String sharedSecret,\\n\\t\\tString method, String url, String contentAsJson) {\\n\\ttry{\\n\\n\\t\\t// Integer division keeps full precision (Math.round would widen the long to float)\\n\\t\\tString timestamp = Long.toString(System.currentTimeMillis() / 1000L);\\n\\t\\tString nonce = UUID.randomUUID().toString();\\n\\n\\t\\tbyte[] body = contentAsJson.getBytes(\\\"UTF-8\\\");\\n\\n\\t\\tMessageDigest md = MessageDigest.getInstance(\\\"MD5\\\");\\n\\t\\tbyte[] thedigest = md.digest(body);\\n\\n\\t\\tString messageToSign = new StringBuilder()\\n\\t\\t\\t.append(storeKey)\\n\\t\\t\\t.append(method.toUpperCase()).append(url)\\n\\t\\t\\t.append(timestamp)\\n\\t\\t\\t.append(nonce)\\n\\t\\t\\t.append(Base64.getEncoder()\\n\\t\\t\\t.encodeToString(thedigest)).toString();\\n\\n\\t\\tbyte[] secretKey = Base64.getDecoder().decode(sharedSecret);\\n\\t\\tMac hmac = Mac.getInstance(\\\"HmacSHA256\\\");\\n\\t\\thmac.init(new SecretKeySpec(secretKey, \\\"HmacSHA256\\\"));\\n\\n\\t\\t// Sign the UTF-8 bytes explicitly instead of relying on the platform default charset\\n\\t\\tbyte[] rawHmac = hmac.doFinal(messageToSign.getBytes(\\\"UTF-8\\\"));\\n\\n\\t\\tString signatureAsBase64 = Base64.getEncoder().encodeToString(\\n\\t\\t\\t\\trawHmac);\\n\\n\\t\\tString authorizationHeader = new StringBuilder().append(\\\"UWA \\\")\\n\\t\\t\\t\\t.append(storeKey)\\n\\t\\t\\t\\t.append(\\\":\\\" + signatureAsBase64)\\n\\t\\t\\t\\t.append(\\\":\\\" + nonce)\\n\\t\\t\\t\\t.append(\\\":\\\" + timestamp).toString();\\n\\n\\t\\tSystem.out.println(authorizationHeader);\\n\\n\\t\\treturn authorizationHeader;\\n\\n\\t} catch (UnsupportedEncodingException e) {\\n\\t\\t// TODO Auto-generated catch block\\n\\t\\te.printStackTrace();\\n\\t} catch (InvalidKeyException e) {\\n\\t\\t// TODO Auto-generated catch 
block\\n\\t\\te.printStackTrace();\\n\\t} catch (NoSuchAlgorithmException e) {\\n\\t\\t// TODO Auto-generated catch block\\n\\t\\te.printStackTrace();\\n\\t}\\n\\n\\treturn \\\"\\\";\\n}\",\n \"language\": \"java\"\n },\n {\n \"code\": \"import java.nio.charset.StandardCharsets;\\nimport java.security.SignatureException\\nimport java.security.spec.EncodedKeySpec;\\nimport com.eviware.soapui.support.types.StringToStringMap\\nimport java.security.MessageDigest\\nimport javax.crypto.Mac\\nimport javax.crypto.spec.SecretKeySpec\\nimport java.sql.Date.*;\\nimport java.util.UUID;\\nimport javax.xml.bind.DatatypeConverter;\\n\\n\\ndef now = new Date()\\ndef timestamp = Math.round(now.getTime()/1000);\\n\\nString storeKey = \\\"b0477a45-1198-419f-b159-e484be341512\\\";\\nString requestMethod = \\\"POST\\\"\\nString requestUrl = \\\"https://dev-retailer-api.urb-it.com/api/order/create/\\\"\\nString secret = \\\"aaNDNO23YWpSANlXADkyjUz8kOZA9C74HL+RYxCLGxgFD9lSF5BxTdrFQ7mPDPeXHpYzLkhQHuRYF+EYMi+fkA==\\\"\\n\\n\\nString context = \\\"\\\"; // The Json content\\nUUID uuid = UUID.randomUUID();\\nString nonce = \\\"48e0e16-cbc9-4953-ad33-f3d17c5330dc\\\"//uuid.toString();\\n\\ntry {\\n\\n // build an HMAC-SHA256 key from the Base64-decoded shared secret\\n\\n byte[] body = context.getBytes(StandardCharsets.UTF_8);\\n MessageDigest md = MessageDigest.getInstance(\\\"MD5\\\");\\n byte[] thedigest = md.digest(body);\\n SecretKeySpec signingKey = new SecretKeySpec(DatatypeConverter.parseBase64Binary(secret), \\\"HmacSHA256\\\");\\n Mac mac = Mac.getInstance(\\\"HmacSHA256\\\");\\n mac.init(signingKey);\\n \\n // compute the hmac on input data bytes\\n \\n String message = new StringBuilder()\\n .append(storeKey)\\n .append(requestMethod)\\n .append(requestUrl)\\n .append(timestamp)\\n .append(nonce)\\n .append(DatatypeConverter.printBase64Binary(thedigest))\\n .toString();\\n \\n byte [] signatureBytes = mac.doFinal(message.getBytes(StandardCharsets.UTF_8));\\n signature = DatatypeConverter.printBase64Binary(signatureBytes)\\n \\n} catch 
(Exception e) {\\n log.info \\\"error\\\" + e.getMessage()\\n throw new SignatureException(\\\"Failed to generate HMAC : \\\" + e.getMessage());\\n}\\n\\nString authorizationHeader = new StringBuilder()\\n .append(storeKey)\\n .append(\\\":\\\"+signature)\\n .append(\\\":\\\"+nonce)\\n .append(\\\":\\\"+timestamp)\\n .toString();\\n\\ndef headers1 = new StringToStringMap()\\nheaders1.put(\\\"Authorization\\\",\\\"UWA \\\" +authorizationHeader)\",\n \"language\": \"groovy\"\n },\n {\n \"code\": \"<?php\\n\\tfunction get_authorization_header($store_key, $shared_secret, $method, $url, $json) {\\n\\t\\t// Ensure JSON content is encoded as UTF-8\\n\\t\\t$json = utf8_encode($json);\\n\\t\\t\\n\\t\\t// Create MD5 digest ($raw_output = true)\\n\\t\\t$md5_digest = md5($json, true);\\n\\t\\t\\n\\t\\t// Create Base64 digest\\n\\t\\t$base64_digest = base64_encode($md5_digest);\\n\\t\\t\\n\\t\\t// Get current Unix timestamp\\n\\t\\t$timestamp = time();\\n\\t\\t\\n\\t\\t// Create a unique nonce\\n\\t\\t$nonce = md5(microtime(true) . $_SERVER['REMOTE_ADDR'] . rand(0, 999999));\\n\\t\\t\\n\\t\\t// Concatenate data\\n\\t\\t$msg = implode('', array(\\n\\t\\t\\t$store_key,\\n\\t\\t\\tstrtoupper($method),\\n\\t\\t\\tstrtolower($url),\\n\\t\\t\\t$timestamp,\\n\\t\\t\\t$nonce,\\n\\t\\t\\t$json ? $base64_digest : ''\\n\\t\\t));\\n\\t\\t\\n\\t\\t// Decode shared secret (used as a byte array)\\n\\t\\t$byte_array = base64_decode($shared_secret);\\n\\t\\t\\n\\t\\t// Create signature\\n\\t\\t$signature = base64_encode(hash_hmac('sha256', utf8_encode($msg), $byte_array, true));\\n\\t\\t\\n\\t\\t// Return header\\n\\t\\treturn 'UWA ' . implode(':', array($store_key, $signature, $nonce, $timestamp));\\n\\t}\\n?>\",\n \"language\": \"php\"\n }\n ]\n}\n[/block]","excerpt":"","slug":"create-the-authorization-header","type":"basic","title":"Create the Authorization header"}