I'm writing a Javascript client that GETs a project from Synapse via the REST API. I'm using a signed signature in the request headers which I ported from the Python synapsePythonClient code. My code appears to be generating the exact same signature as the Python library but keeps returning the below error. Is there any documentation regarding the exact format of the signed headers? Is there something else blocking my access?

```
error: { reason: 'Invalid digital signature: H9GN/1QGldpbqb6wgm/Kg4mp50o=' }
```

```
headers: {
  userId: 'mySynapseId',
  signatureTimestamp: '2018-07-24T20:01:14.000Z',
  signature: 'H9GN/1QGldpbqb6wgm/Kg4mp50o='
}
```

Code:

```
private static _getSignedAuthHeaders(fullUrl: string): any {
  const apiKey = process.env.SYNAPSE_API_KEY;
  const username = process.env.SYNAPSE_USERNAME;
  const timestamp = new Date(new Date().toUTCString()).toISOString();
  const urlPath = url.parse(fullUrl).path;
  const signature_data = username + urlPath + timestamp;
  const hmac = crypto.createHmac('sha1', apiKey);
  hmac.update(signature_data);
  const signature = hmac.digest().toString('base64');
  return {
    "userId": username,
    "signatureTimestamp": timestamp,
    "signature": signature
  };
}
```

Created by Patrick Stout pstout
Hello @pstout

I have written a script myself to sign requests in bash, and run into a couple of issues. These are the things I would check:

* The API key (that you get from the web client) is base64 encoded. You need to decode it before using it to sign.
* The data should be in UTF-8 (unless converting it to UTF-8 doesn't really matter in your environment. It does not matter in my bash script.)
* The signature is base64 encoded.
* The header "userId" actually contains the username (which was used in the signed data).
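The checklist in the reply above, as an added Node.js example (not code from either poster or from the Synapse project): it signs with the base64-decoded key and shows that signing with the undecoded key text yields a different, rejected signature. The key, URL, and function names are constructed for illustration, and signing only the URL path without the query string is an assumption.

```javascript
const crypto = require('crypto');

// Constructed sample values, not real credentials or a real endpoint.
const SAMPLE_SECRET = 'constructed-demo-secret';
const SAMPLE_API_KEY_B64 = Buffer.from(SAMPLE_SECRET, 'utf8').toString('base64');
const SAMPLE_URL = 'https://synapse.example/repo/v1/entity/syn000';
const SAMPLE_TIMESTAMP = '2018-07-24T20:01:14.000Z';

// HMAC-SHA1 over username + URL path + timestamp, returned base64 encoded.
function hmacSha1Base64(key, username, fullUrl, timestamp) {
  // Assumption: only the path component is signed (no host, no query string).
  const urlPath = new URL(fullUrl).pathname;
  const data = Buffer.from(username + urlPath + timestamp, 'utf8');
  return crypto.createHmac('sha1', key).update(data).digest('base64');
}

// Checklist version: base64-decode the API key to raw bytes before signing.
function signedAuthHeaders(username, apiKeyB64, fullUrl, timestamp) {
  const key = Buffer.from(apiKeyB64, 'base64');
  return {
    userId: username, // same username that went into the signed data
    signatureTimestamp: timestamp,
    signature: hmacSha1Base64(key, username, fullUrl, timestamp),
  };
}

// The mistake from the checklist: the base64 text itself used as the HMAC key.
function signedWithUndecodedKey(username, apiKeyB64, fullUrl, timestamp) {
  return hmacSha1Base64(apiKeyB64, username, fullUrl, timestamp);
}

// Constant-time comparison of two base64 signatures, as a verifier should do.
function signaturesMatch(a, b) {
  const x = Buffer.from(a, 'base64');
  const y = Buffer.from(b, 'base64');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}
```

Both variants produce a well-formed 20-byte base64 signature, so the output alone does not reveal which key form was used; comparing against a signature from a known-good client is the quickest check.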
