API needs SHA256 HMAC

psweb · September 2, 2021, 4:57pm

Have an API that wants an auth key as
$auth_token = hash_hmac('sha256', $timestamp, $api_key);

Am I able to replicate something like this server side in the current Wappler
@patrick

Hyperbytes · May 31, 2020, 2:46pm

Not at computer but have you tried setting the parameter to something like

now.sha256(api_key)

Sorry try that

psweb · May 31, 2020, 2:44pm

Will try it quickly, I tried a few things, but as far as I have read the normal SHA256 can not produce the same as the HMAC standard should.
Will test that and let you know.

psweb · May 31, 2020, 2:58pm

Looks like no matter what variation of SHA256 i try it does not give the correct result.
Even testing with the online generator tools with the same data in the online HMAC version vs the normal version i get completely different results.
The normal online SHA256 with SALT generator gives the same as Wappler while the HMAC online version gives the same as what the API is asking for.

Going to have to either make a custom formatter or wait for Wappler to add it in their cryptography.

Hyperbytes · May 31, 2020, 3:10pm

Literally on the back on an envelope what about a custom formatter like this (may have to check a bit of syntax)

namespace lib/core

Function formatter_hmac($api_key)
$val = hash_hmac(date(Y-m-d HH:mm),$api_key)
return $val
(sorry, phone keeps capitalising things)

JonL · May 31, 2020, 3:14pm

I would advise to use strval($api_key) to make sure it’s always treated as a string.

psweb · May 31, 2020, 3:15pm

never used a custom formatter before, so sadly am going to need an explanation like you are explaining this to a toddler, how, where, what, why, who, when, etc. lol. pleeeesae

Hyperbytes · May 31, 2020, 3:15pm

This is also interesting

psweb · May 31, 2020, 3:17pm

Just to confirm, this is a server side formatter i need?

JonL · May 31, 2020, 3:17pm

Where do you need it?

Hyperbytes · May 31, 2020, 3:18pm

Yes, instructions here

psweb · May 31, 2020, 3:18pm

query parameter of a server side API action for auth=432hjkl423709hklmn32l489

JonL · May 31, 2020, 3:19pm

Didn’t you just answer yourself?

psweb · May 31, 2020, 3:20pm

Lol, no, confushious say whaat

Hyperbytes · May 31, 2020, 3:23pm

Do my original notes help

psweb · May 31, 2020, 3:22pm

Query parameter of a server side API Action for auth=$auth_token
$auth_token = hash_hmac(‘sha256’, $timestamp, $api_key);

JonL · May 31, 2020, 3:22pm

What Brian said a few posts ago but I would say that:

hash_hmac( ‘sha256’ , strval($api_key))

Hyperbytes · May 31, 2020, 3:23pm

Lol,yeah, forgot to specify the encryption

psweb · May 31, 2020, 3:23pm

ok gonna try and will bug you if i get stuck

JonL · May 31, 2020, 3:25pm

LOL…you are actually not asking for the function…it’s already in the OP. I just noticed.

Yeah. Custom formatter all the way…I use quite a few. You won’t have any trouble with them.