`We are having trouble executing the AROFLO API(which requires HMAC-SHA512 Key Authentication) endpoint for retrieving users with the PHP code, while it works fine through Node.js, which uses the crypto.createHmac(‘sha512’, secretKey).update(payload).digest(‘hex’);
method.
The error message we receive in the browser with the PHP script is:
{ “status”: “-99999”, “statusmessage”: “Authentication Failed – Signatures do not match” }
But we need to run the api requests in PHP only.
I have attached my php code below if anyone could solve this issue that would be great
I have tried running the code in PHP using the HMAC method, but I keep getting a “signature does not match” error from the AROFLO API response. I have verified that the payload strings and encoded authorization fields match between the Node.js and PHP code, and both sides use the same secret keys. Everything seems to be correct, without any extra whitespace or symbols.
I hope someone can help me fix this issue.
I create the HMAC in PHP:
function generateHMAC($payload, $secretKey) { // Decode the base64 encoded secret key $decodedKey = base64_decode($secretKey); $hmac = hash_hmac('sha512', $payload, $decodedKey, true); return bin2hex($hmac); } $payloadString = implode('+', $payload); $hash = generateHMAC($payloadString, $secretKey);
Then I create an HMAC in Node like below:
secret_key: ‘V3XtVWFWbEswcUtsdVF3TWZJLzdHMGxrTU85T2FlSzJ6YzFsT0FOcGJhR0OxGWUaN2MzWUtIM2AnT3dqSFhDksNaRmJpNCtpaVI3BSZucUpjVIEJclE9ZU==’,
HostIP: ‘89.11.22.98’,
uEncoded: ‘Kz5OScZQQAs7WIAgIBc=’,
pEncoded: ‘NDU8EGSoywF2M2nwdnVx’,
orgEncoded: ‘JPAQVywDTEwgXg==’,
accept: ‘text/json’, // or ‘text/xml’
payload.push(hostIP);
payload.push(urlPath);
payload.push(accept);
payload.push(Authorization);
payload.push(isotimestamp);
payload.push(VarString);
const hash = generateHMAC(payload.join('+'), secretKey);
const check = crypto.createHmac(‘sha512’, secretKey).update(payload).digest(‘hex’);