How to sign external API requests HMAC_SHA-256?

Hello

I have been stuck with one issue for some time and hope someone can help. 

I am trying to set up integration from Xano to my accounting system. 
The API manual of the accounting system instructs that URL parameters (including timestamp and public key) and the request body should be used in the signature calculation. The signature is calculated with the HMAC-SHA256 algorithm and then converted to HEX.

I have tried to push this signature on Xano's External API Request page to the headers field and used the HMAC-SHA256 filter after that, but it does not work as it should. The error message is about timestamp not found, which means that the signature is not recognized correctly.

I have checked that signature is calculated correctly (accounting system has test tool for it and these codes match with Xano output).

But I have trouble finding how to use Xano to add this signature to URL. Has anybody experience with such topics?

Guidelines are here on pages 4-6
https://www.smartaccounts.eu/uuskodu2015/wp-content/uploads/2021/06/SmartAccounts_API_latest.pdf     

Comments

  • Sean Montgomery (Administrator)
    Hey ,

    I'm glad you found the ability to do this with the filter.

    You are saying that you manually verified that the signature is being calculated correctly - but when you send it, you get an error saying otherwise? If I understand that correctly, then it probably means you may be sending a header incorrectly.

    Are you able to show any screenshots? Make sure to mask out anything sensitive to your account.
  • Indrek Peenmaa
    Hello

    I tried to start from the most simple step and just to query countries from accounting system (no extra header parameters and no body).

    GET request to https://sa.smartaccounts.eu/api/settings/countries:get

    But I need to attach to this API call, in the header, as a minimum a timestamp and apikey, and sign them.

    https://sa.smartaccounts.eu/api/settings/countries:get?timestamp=09102021214500&apikey=123456789.

    I try to push it into the header. Not sure if this is the right approach.

    NB! I entered the timestamp manually, but found that in Xano I can in principle use now() and, with the format_timestamp filter and dmYHis format, transform it into the right format.
    [External API call.jpg]
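
The signing scheme described in the thread, worked through as an added example (not code from the thread, Xano or the accounting system's manual). It assumes the signed message is the query string followed by the raw request body, and that the hex digest is appended to the URL as a parameter named `signature`; the secret key is a constructed placeholder and the parameter values are the ones quoted above.

```python
import hashlib
import hmac
from datetime import datetime
from urllib.parse import urlencode

BASE_URL = "https://sa.smartaccounts.eu/api/settings/countries:get"  # from the thread
SECRET = b"constructed-secret-key"  # placeholder, not a real key


def make_timestamp(now: datetime) -> str:
    """ddmmYYYYHHMMSS, the Python equivalent of the dmYHis format in the thread."""
    return now.strftime("%d%m%Y%H%M%S")


def sign_request(base_url, params, body, secret, sig_param="signature"):
    """Return (signed_url, hex_signature).

    Assumptions, not confirmed by the thread: message = query string + body,
    and the digest is sent as a URL parameter called `sig_param`.
    """
    query = urlencode(params)          # keeps the insertion order of params
    message = query.encode() + body    # sign exactly the bytes that are sent
    signature = hmac.new(secret, message, hashlib.sha256).hexdigest()
    return f"{base_url}?{query}&{sig_param}={signature}", signature


def verify_request(query_with_sig, body, secret, sig_param="signature"):
    """Receiver side: strip the signature, recompute it, compare in constant time."""
    query, sep, received = query_with_sig.rpartition(f"&{sig_param}=")
    if not sep:
        return False  # no signature parameter present
    expected = hmac.new(secret, query.encode() + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    params = {
        "timestamp": make_timestamp(datetime(2021, 10, 9, 21, 45, 0)),
        "apikey": "123456789",
    }
    url, sig = sign_request(BASE_URL, params, b"", SECRET)  # GET: empty body
    print(url)
    print("verifies:", verify_request(url.split("?", 1)[1], b"", SECRET))
    # Changing the body after signing must invalidate the signature.
    print("tampered:", verify_request(url.split("?", 1)[1], b"{}", SECRET))
```

The query string that is signed must be byte-for-byte the one that is sent, so build it once and reuse it for both the digest and the final URL.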