hmac for post request,HMAC for post Request


Hi,

I have a post API to hit via apigee where hmac is enabled. While I am trying to hit via the custom client we developed, I am facing trouble. The post request uses HttpEntity as its body where it has two types of the body -- BinaryBody as an input stream and TextBody as a string. Confused on how to create the HMAC. Help will be greatly appreciated.

Thanks in Advance.


Hi All,

I have a post request which we need to hit via APIGEE. I had configured the API on the APIGEE end, but while trying to hit it from the client, I am facing trouble while creating the HMAC token for the request, as the post request uses httpEntity as body, whereas it has two bodies in the entity: one Binary Body as input stream and TextBody as a string. Confused on how to make the HMAC of this request.

Thanks in advance.


Hi - before I answer your question, I'd like to ask a question of my own. It seems that you've keyed in the same question, similarly worded, twice. Why is that? Is the UI on community.apigee.com confusing you? Encouraging you to type it twice? I see this from time to time and I am wondering how it happens. It's not a cut-and-paste issue because the wording is slightly different.

Please explain if you can.

Hi -

you are describing the client-side programming model. I think you said HttpEntity, BinaryBody, and TextBody. Not sure, maybe you are using Java/Spring to build the client.

But that part is irrelevant. The client code you use to construct the HTTP request is mostly irrelevant, I think. I think you are really asking "how can I compute an HMAC in Apigee Edge?" And for that, the client-side programming model is moot.

For computing an HMAC in Apigee Edge, there is a custom policy. Configure it like so:

<JavaCallout name='JavaCallout-HMAC-Create' enabled='true'>
  <DisplayName>JavaCallout-HMAC-Create</DisplayName>
  <Properties>
    <!-- name of the variable that holds the key -->
    <Property name="key">{request.queryparam.key}</Property>
    <Property name="algorithm">sha-256</Property>
    <Property name="string-to-sign">{request.content}</Property>
    <Property name="debug">false</Property>
  </Properties>
  <FaultRules/>
  <ClassName>com.apigee.callout.hmac.HmacCreatorCallout</ClassName>
  <ResourceURL>java://hmac-edge-callout.jar</ResourceURL>
</JavaCallout>

If you want Apigee Edge to compute the HMAC on the entire request content, then use "request.content" as the string-to-sign. If you want an HMAC on something else, configure something else there.

See the readme for the callout, for full details.
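
The client side of the configuration above, as an added example that is not from the original reply or the callout's own code: with `request.content` as the string-to-sign, the HMAC covers the whole serialized multipart body (text part, binary part and boundaries), so the client serializes the entity once, signs those bytes and sends those same bytes. The part names, boundary, key and hex output encoding are assumptions made for the illustration, and `HexFormat` needs Java 17.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

public class MultipartHmacExample {
    // Serialize the multipart entity ONCE; these exact bytes are both signed and sent.
    // Part names "description" and "file" are hypothetical.
    static byte[] buildBody(String boundary, String text, byte[] fileBytes) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(("--" + boundary + "\r\n"
                + "Content-Disposition: form-data; name=\"description\"\r\n"
                + "Content-Type: text/plain; charset=UTF-8\r\n\r\n"
                + text + "\r\n").getBytes(StandardCharsets.UTF_8));
        out.write(("--" + boundary + "\r\n"
                + "Content-Disposition: form-data; name=\"file\"; filename=\"sample.bin\"\r\n"
                + "Content-Type: application/octet-stream\r\n\r\n").getBytes(StandardCharsets.UTF_8));
        out.write(fileBytes); // binary part is written as raw bytes, never via a String
        out.write(("\r\n--" + boundary + "--\r\n").getBytes(StandardCharsets.UTF_8));
        return out.toByteArray();
    }

    static byte[] hmacSha256(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        byte[] file = "constructed file content".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] body = buildBody("demo-boundary-1234", "quarterly report", file);

        byte[] tag = hmacSha256(key, body);
        // Hex output is an assumption; use whatever encoding the verifying side compares against.
        System.out.println("HMAC to send: " + HexFormat.of().formatHex(tag));

        // Verifier side: recompute over the received bytes and compare in constant time.
        System.out.println("same bytes verify: " + MessageDigest.isEqual(tag, hmacSha256(key, body)));

        // Re-serializing with a different boundary changes the bytes, so the HMAC no longer matches.
        byte[] reserialized = buildBody("other-boundary-5678", "quarterly report", file);
        System.out.println("re-serialized verify: "
                + MessageDigest.isEqual(tag, hmacSha256(key, reserialized)));
    }
}
```

The last line prints `false`: the same two parts under a different boundary are a different message, which is why the signed bytes and the transmitted bytes must come from a single serialization.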