HMAC Hashing for API Message Authentication

Hi there,

recently I have come across several REST APIs that require an HMAC signature in order to authenticate the request.
In short, the HMAC algorithm combines a message and a secret key to create a hashed signature.

I got an example of an API which requires an HMAC signature. Each request must be signed by a SHA-256 HMAC in base64 encoding.
In the link below they have an example of the inputs and the expected output.

https://sellerapi.kaufland.com/?page=rest-api#signrequest-php

Given the example inputs from the documentation, I wasn't able to create the expected HMAC signature in KNIME.

I tried several different things:

  • the hmac hashing node. Unfortunately the node gives me a different result (or a different encoding?). (Hmac Hashing – KNIME Community Hub)
  • Palladan HashCalculator Node. The node can hash strings with SHA-256, but there is no option to combine it with a secret key. This won't work.
  • the workflow from the following forum post. I updated the message and private key in the code snippet, but the result was again different from the documentation. I'm not a developer, which means the snippet might work, only I am unable to complete the code correctly. HashCalculator using given private key and encrytion method

I attached a workflow with the different things I tried.
Kaufland_API_HMAC.knwf (16.1 KB)

At this point I'm not sure what else to try. Any pointers or help would be highly appreciated.


Hi @e2dboden,

could you provide your test for my hmac node?
Will check if something is wrong with my code :see_no_evil:

Could also provide you with the Java code for a Java snippet node if you are comfortable with Java :slight_smile:
Then you could tweak it as you like :+1:

I attached a workflow in the message above. It’s close to the bottom of the message, it’s called Kaufland_API_HMAC.knwf

You should find the sample data and your node in there.


Hi @AnotherFraudUser,

did you have time to take a look at my workflow?


Hi @e2dboden,

sorry for the delay, did not have time in the week.
Will look at this issue as well as the other two open ones on the weekend :slight_smile:

Hi @e2dboden,

from what I see this is most likely an issue with your workflow and not the node?
With the following test:
[screenshot]

I get the exact same result comparing it to a simple online hasher.

Same with your example:

[screenshot]

So not quite sure what I should fix here :thinking:


Hi @AnotherFraudUser,
sorry for the late reply.

I tried a couple of different online hashers as well, and most of the time I got the expected result from the documentation.
I found a copy-paste error in my input data: I copied a slightly different URL into the KNIME workflow.

After I corrected that, I still couldn't get the same result. I wanted to replicate the results you had with your online hashers and searched for the one you used in your screenshot above. And then I found the issue. When I select Hex as Output Format, I get the result from the documentation. When I select Base64, I get the same result the hmac node generates.

Is there a way to convert the hash or generate the HMAC hash in the Hex format?

Hi @e2dboden,
sure can check if I can add a hex output as well.
Maybe you could do the transformation directly in KNIME itself :thinking:
E.g. string Manipulation or expression node… 100% sure but maybe you could try

Hey @e2dboden, here is a solution with a Python script to convert the hash to hex format

Kaufland_API_HMAC.knwf (9.2 KB)

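An added example, not part of any post in this thread and not the script from the attached workflow: it shows in Python how one raw HMAC-SHA256 digest yields both the Base64 and the Hex output discussed above, and how to convert a Base64 signature to hex. The key and message are the RFC 4231 test case 2 values, used here as sample input rather than the API documentation's example; the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac

# Sample input: RFC 4231 test case 2 (not the API documentation's example).
KEY = b"Jefe"
MESSAGE = b"what do ya want for nothing?"
DIGEST_SIZE = hashlib.sha256().digest_size  # 32 bytes


def sign(key: bytes, message: bytes) -> bytes:
    """Raw HMAC-SHA256 digest; hex and Base64 are just two encodings of it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def to_hex(digest: bytes) -> str:
    return digest.hex()  # 64 lowercase hex characters


def to_base64(digest: bytes) -> str:
    return base64.b64encode(digest).decode("ascii")  # 44 characters


def base64_to_hex(sig_b64: str) -> str:
    """Convert a Base64 signature (what the node produced) to hex."""
    raw = base64.b64decode(sig_b64, validate=True)
    if len(raw) != DIGEST_SIZE:
        # Typical cause: the hex *text* was Base64-encoded, not the raw bytes.
        raise ValueError(f"expected {DIGEST_SIZE} digest bytes, got {len(raw)}")
    return raw.hex()


def verify(key: bytes, message: bytes, presented: str) -> bool:
    """Check a signature given in either encoding, in constant time."""
    try:
        if len(presented) == 2 * DIGEST_SIZE:
            raw = bytes.fromhex(presented)
        else:
            raw = base64.b64decode(presented, validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(raw, sign(key, message))


if __name__ == "__main__":
    d = sign(KEY, MESSAGE)
    print("hex   :", to_hex(d))
    print("base64:", to_base64(d))
    print("b64->hex matches:", base64_to_hex(to_base64(d)) == to_hex(d))
```

Both strings describe the same 32 bytes, so a mismatch that disappears after this conversion is an encoding difference, not a wrong key or message.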

As I have a related issue here (Flickr API: Need help with "the hard way") a PHP compatible solution would be nice. In PHP, you have a fourth parameter (bool) which switches the output from raw binary data to lowercase hexits: PHP: hash_hmac - Manual

I tried to convert between base64 and hex with standard nodes. I could not find a solution there. The Python script @CyberCrimeFlo posted works for me.

@AnotherFraudUser If you happen to update the hmac node in the future and the hex output is not too much of an effort, I think I and other users with no developer background would appreciate a more accessible solution via the hmac node.

Thanks again for all the helpful replies!

Cheers
