Start a new topic
Solved

POST problem with authentication

GET is  working fine but with POST I have only failed authentication


I have problem with specification for example :

/users/create


signature is derived from:

"/users/create?api_key=API_KEY&name=NAME&request_timestamp=EPOCH_TIME_SEC"


POST request :

POST - https://playgroundapi.ost.com/users/create?api_key=API_KEY&name=NAME&request_timepstamp=EPOCH_TIME_SEC&signature=SIGNATURE



So url is only:

https://playgroundapi.ost.com/users/create


and payload is ?  api_key=API_KEY&name=NAME&request_timepstamp=EPOCH_TIME_SEC&signature=SIGNATURE  


Could you please post example of successful POST request ?


1 person has this problem

I am having the same issue. I can perform GET requests fine, however, POST requests are a no-go.


I have tried constructing  the request a variety of ways, but it always seems to yield a 401. Are you using the Ruby SDK? Does anyone know if it works within that?


1 person likes this

I used Python but same result and I also tried every possible combination. I also used curl with same result. Always 401.

Hello Tom. You can find us on gitter.im/openstfoundation/simpletoken for technical questions / chat.

Just for people visiting -  solution:


signature is derived from:

"/users/create?api_key=API_KEY&name=NAME&request_timestamp=EPOCH_TIME_SEC"


POST request :

https://playgroundapi.ost.com/users/create?api_key=API_KEY&name=NAME&request_timepstamp=EPOCH_TIME_SEC&signature=SIGNATURE


Payload(json):

{"api_key":"API_KEY","name":"NAME,""request_timepstamp":"EPOCH_TIME_SEC","signature":"SIGNATURE"}


The problem with POST requests returning "Unauthorized" status start happening again in playground2api.stagingost.com environment...


Could you please validate if POST request working correctly in stagingost? No problems with GET requests...

Andrew: make sure to add all parameters (form encoded) to the request body of the POST request, and not only as query string parameters.

Thank you Jay. I’ve tested this solution and can confirm that passing parameters in the POST body rather than in a query string indeed helps to avoid receiving “unauthorized” status...

1 person likes this

Including the parameters in the body also solved this for me - however it's unexplained and not documented in the docs https://dev.ost.com/docs/api_authentication.html

Well that was a waste of dev time - thank you Jay and Tom for sharing the solution.

randomString = "https://sandboxapi.ost.com/v1.1/actions?request_timestamp=1526550366&api_key=XXXXXXX";


  byte[] key = Encoding.UTF8.GetBytes("scrt_code");

 

 

            byte[] message = Encoding.UTF8.GetBytes(randomString);

            var hash = new HMACSHA256(key);

            byte[] hashb = hash.ComputeHash(message);

            return BitConverter.ToString(hashb).Replace("-", "").ToLower();


I'm using C#, this way the hash not returning properly... can u someone advice?

Vijay,


You're probably better off asking the devs here:


https://gitter.im/OpenSTFoundation/SimpleToken

Login to post a comment