AnsweredAssumed Answered

What am I doing wrong with authetication?

Question asked by S Brook Moles on Dec 14, 2015
Latest reply on Jan 4, 2016 by S Brook Moles

Hi there,


Following the terrific advice provided by James Jones and using some tools available on the Web, I built a signature file, generated an HMAC-SHA-256 digest and had it base64 encoded. I then tried testing the access using Postman.  Here's a screenshot of the Postman form:


I tested the HMAC digest generation and base64 encoding using James's example for testing and got exactly the same signature as he did. So I think the steps I used to generate the signature with our school's own, actual values should have worked. I pasted the API key after 'HMACAuth' in the Authorization header, followed by a colon, followed by the base64 encoded digest.  I ensured that the Date was within 15 minutes of server time (well, I just used my current time, 9:48 ET, which I'm fairly sure is 15:48:00 GMT).


But, as you can see, what I got back was an Unauthorized message, and I can't figure out why. I've checked and rechecked the values I entered, but I think I must still be missing something.


Does anyone else have any ideas?


Thanks in advance,,