I’m trying to validate hmac authentication for my api set. Below are the issue details I’m facing.
Setup :
I have enabled “HMAC (Signed Auth key)” for my api set in authentication dropdowns.
I’m passing authrization header as below.
Signature keyId=<key_value>,algorithm=“hmac-sha1”,headers=“(request-target) Date hmac-text”,signature=“${url_encoded_signature}”
I have added header Date and hmac-text
The above header values are used for deriving the signature value.
For deriving the signature I have used the below shell script.
function urlencode() {
echo -n “$1” | perl -MURI::Escape -ne ‘print uri_escape($_)’ | sed “s/%20/+/g”
With the above when send api request, below is the error I’m getting.
“error”: “Authorization field missing, malformed or invalid”
Gateway logs look like this.
level=info msg=“API Requires HMAC signature, session missing HMACSecret or HMAC not enabled for key”
level=error msg=“No HMAC secret for this key” error=“This key ID is invalid” keyID=<key_id>
level=info msg=“Authorization field missing or malformed” origin=<origin_value> path=<api_path>
If I lookup for the key id i’m using in keys,
‘Enforce HMAC request signing’ is not checked.
And when I try to check and update it says
“HMAC Secret
No Key HMAC secret for this user, please generate a new key.”
Kindly help me in setting up the this authentication for my api set.
And I have referred to this issue and have used the same script
Hi Luan,
Thank you very much for the update.
I checked with updated version i.e…
dashboard 1.5.1
gateway 2.51.
hmac secret is visible in dashboard now.
But I’m getting the below logs.
level=error msg=“Date parsing failed” date_string=0001-01-01 00:00:00 +0000 UTC
level=error msg=“Clock skew outside of acceptable bounds”
level=info msg=“Authorization field missing or malformed” origin=<origin_ip> path=<api_path>
I have disabled clock skew.
Even then I’m getting this error. Please help me with this
Error :
level=error msg=“Signature string does not match!” expected=“fbWcm7QCRGF3WyaY9ALGrT6J6KE%3D” got=“Mn7CPaP6TL5RB82zTA%2FUqSFb97E%3D”
and if I pass the expected signature from above log i.e… fbWcm7QCRGF3WyaY9ALGrT6J6KE%3D its working fine.
but I don’t find anything wrong in my script. Can you please point out if I’m doing something wrong in there.