When using an API key only and testing using the services/browse admin interface, I found the API key was always invalid. It turns out the way the hash of the key is constructed is different when offering a default key in the admin form & the key validator. Especially annoying since I also couldn't find any good documentation on creating the hash.

I've searched to see if this is a known issue, but with no luck in finding anything.

For anyone wondering how to create the hash of the API key in Php - the details are below. But in your client...

  • use the proper domain for your API key instead of $_SERVER['HTTP_HOST']
  • the method name instead of arg(4)
  • a random 10 digit alphanumeric string for the $nonce
  • and the shared API Key for your domain instead of services_admin_browse_get_first_key()

The patch is attached, but the trivial change is in services_admin_browse.inc to services_admin_browse_test():

      case 'hash':
        $hash_parameters = array($timestamp, $_SERVER['HTTP_HOST'], $nonce, arg(4));
        $hash = hash_hmac("sha256", implode(';', $hash_parameters), services_admin_browse_get_first_key());
        $form['arg'][$key] = array('#title' => 'Hash', '#type' => 'textfield', '#default_value' => $hash);
        break;
CommentFileSizeAuthor
services.patch804 bytesscafmac

Comments

aufumy’s picture

aufumy commented
Component: Code » Documentation

I found this issue useful in terms of documentation. I believe may already have been fixed.

      case 'hash':
        $form['arg'][$key] = array('#title' => 'Hash', '#type' => 'textfield', '#default_value'  => hash_hmac('sha256', $timestamp .';'. $_SERVER['HTTP_HOST'] .';'. $nonce .';'. arg(4), services_admin_browse_get_first_key()));
        break;
snelson’s picture

snelson commented
Assigned: Unassigned » snelson
Status: Needs review » Fixed

This was already fixed at some point. Thanks.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.