Modulr API 的身份验证失败 - Python
[英]Authentication failing for Modulr API - Python
问题描述
The API docs are here 
API 文档在这里
The only code example is in Java, here唯一的代码示例是在 Java 中, 这里
Every time I try to authenticate I get:每次我尝试进行身份验证时,我都会得到:
{
"error": "Authorization field missing, malformed or invalid"
}
I have been through the auth docs many times over and still no luck.我已经多次浏览了 auth 文档,但仍然没有运气。
Here is my code:这是我的代码:
import requests
import secrets
import codecs
from wsgiref.handlers import format_date_time
from datetime import datetime
from time import mktime
import hashlib
import hmac
import base64
import urllib.parse
key = '<API_KEY>'
secret = '<API_SECRET>'
# Getting current time
now = datetime.now()
stamp = mktime(now.timetuple())
# Formats time into this format --> Mon, 25 Jul 2016 16:36:07 GMT
formated_time = format_date_time(stamp)
# Generates a secure random string for the nonce
nonce = secrets.token_urlsafe(30)
# Combines date and nonce into a single string that will be signed
signature_string = 'date' + ':' + formated_time + '\n' + 'x-mod-nonce' + ':' + nonce
# Expected output example --> date: Mon, 25 Jul 2016 16:36:07 GMT\nx-mod-nonce: 28154b2-9c62b93cc22a-24c9e2-5536d7d
# Encodes secret and message into a format that can be signed
secret = bytes(secret, encoding='utf-8')
message = bytes(signature_string,encoding='utf-8')
# Signing process
digester = hmac.new(secret, message, hashlib.sha1)
# Converts to hex
hex_code = digester.hexdigest()
# Decodes the signed string in hex into base64
b64 = codecs.encode(codecs.decode(hex_code, 'hex'), 'base64').decode()
# Encodes the string so it is safe for URL
url_safe_code = urllib.parse.quote(b64,safe='')
# Adds the key and signed response
authorization = f'Signature keyId="{key}",algorithm="hmac-sha1",headers="date x-mod-nonce",signature="{url_safe_code}"'
account_id = 'A120BU48'
url = f'https://api-sandbox.modulrfinance.com/api-sandbox/accounts/{account_id}'
headers = {
'Authorization': authorization, # Authorisation header
'Date' : formated_time, # Date header
'x-mod-nonce': nonce, # Addes nonce
'accept': 'application/json',
}
response = requests.get(url,headers=headers)
print(response.text)
I am not sure where the process is going wrong, as far as I know, the signature is being signed correctly as I added in the test data from the authentication example and I get the expected string.我不确定这个过程哪里出错了,据我所知,当我从身份验证示例中添加到测试数据中并得到预期的字符串时,签名被正确签名。
If you want to try with real API keys, register for access here如果您想尝试使用真正的 API 密钥,请 在此处注册访问权限
The docs for the API endpoint I am trying to call is here我试图调用的 API 端点的文档在这里
1 个解决方案
解决方案1
2 已采纳 2019-06-28 11:05:13
The docs you linked has a space between the colon and the values.您链接的文档在冒号和值之间有一个空格。
signature_string = 'date' + ':' + formated_time + '\\n' + 'x-mod-nonce' + ':' + nonce
should be:应该:
signature_string = 'date' + ': ' + formated_time + '\\n' + 'x-mod-nonce' + ': ' + nonce
or (simpler):或(更简单):
signature_string = 'date: ' + formated_time + '\\n' + 'x-mod-nonce: ' + nonce
Update更新
I registered to see what is going on.我注册了看看发生了什么。 I also ran your code on the example given in the documentation and saw that the signature is not entirely correct.我还在文档中给出的示例上运行了您的代码,发现签名并不完全正确。
In addition to the change I suggested above, a further change was necessary.除了我上面建议的更改之外,还需要进行进一步的更改。
After changing the line换线后
b64 = codecs.encode(codecs.decode(hex_code, 'hex'), 'base64').decode()
to到
b64 = codecs.encode(codecs.decode(hex_code, 'hex'), 'base64').decode().strip()
the signature of the example matched.示例的签名匹配。
After this I was able to connect to the API with my own keys.在此之后,我能够使用自己的密钥连接到 API。
Here is the complete working code:这是完整的工作代码:
import codecs
import hashlib
import hmac
import secrets
import urllib.parse
from datetime import datetime
from time import mktime
from wsgiref.handlers import format_date_time
import requests
key = '<key>'
secret = '<secret>'
account_id = '<account id>'
url = f'https://api-sandbox.modulrfinance.com/api-sandbox/accounts/{account_id}'
# Getting current time
now = datetime.now()
stamp = mktime(now.timetuple())
# Formats time into this format --> Mon, 25 Jul 2016 16:36:07 GMT
formatted_time = format_date_time(stamp)
# Generates a secure random string for the nonce
nonce = secrets.token_urlsafe(30)
# Combines date and nonce into a single string that will be signed
signature_string = 'date' + ': ' + formatted_time + '\n' + 'x-mod-nonce' + ': ' + nonce
# Encodes secret and message into a format that can be signed
secret = bytes(secret, encoding='utf-8')
message = bytes(signature_string, encoding='utf-8')
# Signing process
digester = hmac.new(secret, message, hashlib.sha1)
# Converts to hex
hex_code = digester.hexdigest()
# Decodes the signed string in hex into base64
b64 = codecs.encode(codecs.decode(hex_code, 'hex'), 'base64').decode().strip()
# Encodes the string so it is safe for URL
url_safe_code = urllib.parse.quote(b64, safe='')
# Adds the key and signed response
authorization = f'Signature keyId="{key}",algorithm="hmac-sha1",headers="date x-mod-nonce",signature="{url_safe_code}"'
headers = {
'Authorization': authorization, # Authorisation header
'Date': formatted_time, # Date header
'x-mod-nonce': nonce, # Adds nonce
'accept': 'application/json',
}
response = requests.get(url, headers=headers)
print(response.text)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.